US20210209233A1 - Systems and methods for control system security - Google Patents
- Publication number
- US20210209233A1 (US17/094,474)
- Authority
- US
- United States
- Prior art keywords
- cyber
- physical
- state
- control system
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0423—Input/output
- G05B19/0425—Safety, monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Definitions
- This disclosure relates to control system security and, in particular, to systems, methods, apparatus, and/or non-transitory computer-readable storage media for holistically evaluating the cyber-physical health of a control system and/or respective control loops thereof.
- a “cyber-physical” system refers to a system comprising cyber components configured to operatively and/or communicatively couple physical components to computational components (and vice versa).
- a “computational component” may refer to a component configured to implement control logic and/or a control function pertaining to a physical process and/or physical process attribute.
- a “physical component” may refer to any suitable means for realizing the control logic and/or control function, which may comprise one or more of: monitoring, sensing, modifying, actuating, modulating, managing, regulating, and/or controlling the physical processes and/or physical process attribute.
- a “cyber component” may refer to any suitable means for communicatively and/or operatively coupling a computational component to a component (e.g., cyber infrastructure to couple physical components to the computational and/or control substrates of the system).
- Conventional techniques for securing cyber-physical systems may attempt to protect internal communication infrastructure from cyber-attack.
- Conventional systems may not, however, correlate the health of the cyber components and/or detected cyber anomalies with the state of physical components potentially affected thereby (and may be incapable of doing so since the cyber-security components may not be tied to particular physical components of the system).
- the health of the physical components may be evaluated separately and independently from the cyber components.
- Conventional techniques for detecting anomalies in physical components may rely on rudimentary recognition techniques based upon known failure modes of the physical components.
- Conventional techniques for securing cyber-physical systems may attempt to guarantee the security and/or integrity of the network(s) used to communicate with physical components of the system. Such security guarantees may be based on perimeter security whereby internal network(s) of the system are secured from attack and/or intrusion from one or more external networks (e.g., may rely on securing gateway(s) and/or external channel(s) of the system). Based on these guarantees, conventional systems may assume that internal communications with physical components are secure. Accordingly, a successful attack on a gateway, external communication channel, and/or physical component of the system could result in complete compromise. Furthermore, an attacker may be able to affect the cyber-physical system via compromised physical components, even while the security guarantees are maintained. Conventional systems may, therefore, be incapable of adequately securing cyber-physical systems from diverse cyber and/or physical attack.
- FIG. 1A is a schematic block diagram of one embodiment of a cyber-physical system, as disclosed herein;
- FIG. 1B is a schematic block diagram of one embodiment of data structure(s) comprising a cyber-physical topology, as disclosed herein;
- FIG. 2 is a schematic block diagram of one embodiment of a resilient security agent, as disclosed herein;
- FIG. 3A is a schematic block diagram illustrating embodiments of data structures comprising embodiments of cyber-physical state metadata, as disclosed herein;
- FIG. 3B illustrates relationships between cyber and/or physical state signatures, as disclosed herein;
- FIG. 4 is a schematic block diagram illustrating embodiments of data structures comprising cyber-physical health metadata, as disclosed herein;
- FIG. 5A is a schematic block diagram of another embodiment of a resilient security agent, as disclosed herein;
- FIG. 5B is a schematic block diagram illustrating embodiments of data structures comprising embodiments of cyber-physical state metadata, as disclosed herein;
- FIG. 6 is a flow diagram of one embodiment of a method for securing a cyber-physical system, as disclosed herein;
- FIG. 7A is a flow diagram of another embodiment of a method for securing a cyber-physical system, as disclosed herein;
- FIG. 7B is a flow diagram of one embodiment of a method for securing a cyber-physical system by communicating state keys through selected regions of a cyber-physical system, as disclosed herein;
- FIG. 8 is a flow diagram of one embodiment of a method for determining a source of anomalous error metrics by a resilient security agent, as disclosed herein;
- FIG. 9 is a flow diagram of another embodiment of a method for determining a source of high error metrics by a resilient security agent, as disclosed herein;
- FIG. 10 is a flow diagram of another embodiment of a method for determining a source of anomalous error metrics by a resilient security agent, as disclosed herein;
- FIG. 11 is a flow diagram of one embodiment of a method for characterizing a cyber-physical health of a selected region of a cyber-physical system, as disclosed herein;
- FIGS. 12A-13B are schematic block diagrams of embodiments of a resilient security agent, as disclosed herein;
- FIGS. 14A-14B are schematic block diagrams of embodiments of a resilient security agent configured to evaluate cyber and/or physical health based on, inter alia, one or more cyber and/or physical state profiles;
- FIGS. 15-18 are flow diagrams of additional embodiments of methods for securing a cyber-physical system, as disclosed herein.
- FIG. 1A is a schematic block diagram of one embodiment of a cyber-physical system 100 , as disclosed herein.
- the cyber-physical system 100 may comprise cyber-physical components 102 , as disclosed herein (e.g., may feature a tight coupling between cyber communication, computation, and physical substrates).
- the cyber-physical system 100 may comprise one or more of: an industrial control system, an intelligent control system, a distributed control system, an embedded control system, a vehicle control system, a building control system, a process control system, a plant control system, a manufacturing control system, a power control system, a power grid system, a Supervisory Control and Data Acquisition (SCADA) system, and/or the like.
- the cyber-physical system 100 comprises a control system 101 .
- the control system 101 may comprise cyber-physical components (components 102 ), which may include, but are not limited to: cyber communication components (cyber components 120 ), cyber computational and/or control components (computational components 130 ), physical components 140 , and/or the like.
- the control system 101 may further comprise a resilient security agent 110 , which, as disclosed in further detail herein, may be configured to prevent, detect, and/or mitigate cyber-physical attacks.
- the control system 101 may comprise and/or implement one or more “cyber-physical control elements” 105 .
- a “cyber-physical control element” (CPCE) 105 refers to cyber-physical components 102 configured to implement control functions pertaining to one or more physical process variables 155 .
- a “physical process variable” or “process variable” 155 may refer to any suitable physical phenomena capable of being sensed, measured, monitored, adjusted, manipulated, managed, protected, regulated, and/or otherwise controlled by cyber-physical components 102 of the control system 101 .
- a physical process variable (PPV) 155 may comprise a manipulated variable of a control function implemented by the CPCE 105 .
- a PPV 155 may comprise and/or correspond to one or more of a physical process 150 , a physical process attribute 152 , and/or the like.
- a “physical process” 150 may refer to any physical phenomena and/or process capable of being controlled by a cyber-physical system 100 , which may include, but is not limited to: an industrial process, a mechanical process, an electromechanical process, an electrical process, an electrical power process, an electrical power generation process, an electrical power distribution process, an electrical power conditioning process, an electrical power storage process, an electrical power load process, a manufacturing process, a fluid process, a chemical process, and/or the like.
- an attribute 152 of a physical process 150 may refer to any suitable attribute, variable, process variable, characteristic, parameter, and/or state capable of being controlled by a cyber-physical system 100.
- “controlling” a PPV 155 may refer to one or more of: sensing, measuring, monitoring, adjusting, manipulating, managing, regulating, protecting, and/or otherwise controlling the PPV 155 by use of cyber-physical components 102 of the control system 101 . Therefore, as used herein, a CPCE 105 may comprise, embody, and/or correspond to one or more cyber-physical components 102 of the control system 101 .
- a CPCE 105 may comprise, embody, and/or implement one or more of a control function, a cyber-physical control function, a control path, a cyber-physical control path, a control loop, a cyber-physical control loop, control means, cyber-physical control means, and/or the like.
- a CPCE 105 may comprise cyber, computational, and/or physical components 120, 130, and/or 140 of the control system 101.
- Computational and/or control operations of a CPCE 105 may be implemented by computational components 130 , which may be tightly coupled to corresponding physical components 140 of the CPCE 105 by one or more cyber components 120 .
- the cyber components 120 of the control system 101 may comprise, embody, and/or implement cyber communication services, which may be configured to operatively and/or communicatively couple components 102 of the control system 101.
- the cyber components 120 may comprise any suitable means for operatively and/or communicatively coupling physical components 140 of the control system 101 to computational components 130 of the control system 101 , which may include, but are not limited to: communication components, communication devices, communication interface components, communication media, communication ports, concentrator components, concentrator devices, receivers, transmitters, transceivers, transducers, repeaters, network components, network devices, network interfaces, network components, network communication media (e.g., network wiring, ports, and/or the like), network hubs, network concentrators, network switches, network routers, network security devices, network firewalls, network filters, network drivers, network protocol drivers, cyber nodes (cyber nodes 124 ), and/or the like.
- the cyber components 120 may comprise, embody, and/or implement a control system network 122 .
- a control system (CS) network 122 may refer to any suitable means for communicatively coupling components 102 of a cyber-physical system 100 , such as the control system 101 .
- the CS network 122 may include, but is not limited to: a communication network, an electronic communication network, an internal network, an Internet Protocol (IP) network, a wireless network, a Local Area Network (LAN), a Wide Area Network (WAN), a Virtual Private Network (VPN), a wireless network (e.g., IEEE 802.11a-n wireless network, Bluetooth® network, Near-Field Communication (NFC) network, and/or the like), a public switched telephone network (PSTN), a mobile network (e.g., a network configured to implement one or more technical standards or communication methods for mobile data communication, such as Global System for Mobile Communication (GSM), Code Division Multi Access (CDMA), CDMA2000 (Code Division Multi Access 2000), EV-DO (Enhanced Voice-Data Optimized or Enhanced Voice-Data Only), Wideband CDMA (WCDMA), High Speed Downlink Packet access (HSDPA), High Speed Uplink Packet Access (HSUPA), Long Term Evolution (LTE), LTE-A (Long Term Evolution-Advanced),
- the cyber components 120 may be further configured to secure communications on the CS network 122 , which may comprise encrypting, signing, authenticating, and/or verifying the integrity of messages communicated within the CS network 122 .
- a message communicated on the CS network 122 may comprise one or more: signals, control signals, control system signals, commands, sensor commands, actuator commands, sensor signals, sensor data signals, actuator signals, actuator command signals, packets, data packets, network packets, IP packets, DNP3 packets, SCADA packets, synchrophasors, synchrophasor data, and/or the like.
- the cyber components 120 may further comprise cyber security components 123 , which may be configured to securely couple the CS network 122 (and/or portions thereof) to one or more external networks.
- the cyber security components 123 may comprise perimeter security means configured to prevent, detect, and/or mitigate attacks from the external networks.
- the cyber security components 123 may include, but are not limited to: gateways, channels, firewalls, port monitors, network filters, intrusion detection systems, and/or the like, as disclosed herein.
- the CS network 122 may comprise and/or be configured to communicatively couple a plurality of cyber nodes (cyber nodes 124 ).
- a cyber node 124 may comprise any suitable cyber-physical component 102 of the control system 101 capable of being operatively and/or communicatively coupled to the CS network 122 , including, but not limited to: a cyber component 120 (e.g., cyber infrastructure such as a network device, concentrator, hub, router, gateway, network interface device, cyber security component 123 , and/or the like), a computational component 130 (e.g., a computing device, a controller 132 , an automation controller 134 , a monitoring device, an RTU, and/or the like), a networked physical component 140 (e.g., a networked sensor device 144 , a networked actuator device 146 ), and/or the like.
- the networked sensor/actuator devices 144 / 146 may comprise respective cyber nodes 124 (not shown in FIG. 1B to avoid obscuring details of the disclosed embodiments).
- the computational components 130 of the control system 101 may comprise, embody, and/or implement computational services of the control system 101 , which may include, but are not limited to: computational services, control services, monitoring services, configuration services, interface services, human-machine-interface (HMI) services, and/or the like.
- the computational components 130 may comprise any suitable means for implementing computational services, which may include, but are not limited to: a processor, a general-purpose processor, an application-specific processor, an Application-Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a computing device (e.g., a device comprising a processor, memory, non-transitory storage, a network interface, and/or the like), a monitoring device, an HMI device, a supervisory computing device, a Remote Terminal Unit (RTU), an Intelligent Electronic Device (IED), a control device, a process controller, a microcontroller, control logic, programmable logic, a programmable logic controller (PLC), a controller, a linear controller, a Proportional-Integral-Derivative (PID) controller, a control element, a relay, a protective relay, a safety relay, a switch, an automation controller, a Real-Time Automation Controller (RTAC), and/or the like.
- the computational components 130 of the control system 101 may include a controller 132 , an automation controller 134 , and an HMI device 136 .
- the disclosure is not limited in this regard, however, and could be adapted to include any number and/or type of computational components 130 .
- the physical components 140 of the control system 101 may comprise and/or correspond to one or more PPV 155 , as disclosed herein (e.g., one or more physical processes 150 and/or physical process attributes 152 ).
- the physical components 140 may further comprise components configured to implement physical operations, which may include, but are not limited to: sensing, measuring, monitoring, manipulating, actuating, affecting, modifying, managing, regulating, and/or controlling respective PPV 155 (and/or other physical components 140 ).
- the physical components 140 may comprise any suitable means for implementing physical operations, including, but not limited to: mechanical devices, electromechanical devices, electrical devices, solid-state devices, digital devices, analog devices, pneumatic devices, hydraulic devices, monitoring devices, receiver devices, transceiver devices, physical control devices, sensing devices (e.g., sensor devices 144 ), actuation devices (e.g., actuator devices 146 ), and/or the like.
- physical components 140 of the control system 101 may be operatively and/or communicatively coupled to one or more other components 102 of the control system 101 .
- a physical component 140 may be coupled to other physical components 140 of the control system 101 , cyber components 120 of the control system 101 , computational components 130 of the control system 101 , and/or the like (e.g., may be operatively and/or communicatively coupled to the controller 132 , as illustrated in FIG. 1A ).
- a physical component 140 that is operatively and/or communicatively coupled to one or more other components 102 of the control system 101 may be referred to as a “receiver” of the one or more components 102 .
- Physical components 140 of the control system 101 may comprise and/or be coupled to means for interfacing with other components 102 of the control system 101 , which may comprise means for transmitting signals to and/or receiving signals from other components 102 of the control system 101 .
- the means for interfacing may comprise one or more of: a transducer, an analog-to-digital converter (DAC), a receiver, a transmitter, a transceiver, a port, an interface, a communication port, a communication interface, communication media, a network port, a network interface, a network interface device, network communication media, and/or the like.
- one or more physical components 140 of the control system 101 may be directly coupled to one or more other components 102 of the control system 101 .
- the one or more physical components 140 may, for example, be directly coupled to the controller 132 by a direct device-to-device coupling, dedicated communication media, and/or the like.
- one or more physical components 140 of the control system 101 may be operatively and/or communicatively coupled to the CS network 122 by, inter alia, cyber components 120 of the control system 101 (e.g., may comprise and/or be communicatively coupled to the CS network 122 ).
- a physical component 140 that is operatively and/or communicatively coupled to the CS network 122 may be referred to as a “networked” physical component 140 .
- the physical components 140 of the control system 101 may comprise means for performing one or more physical operations, which may include, but are not limited to: sensor devices 144 , actuator devices 146 , and/or the like (e.g., sensor devices 144 A-N and actuator devices 146 A-N, as illustrated in FIG. 1A ).
- a sensor device 144 of the control system 101 may comprise any suitable means for obtaining information pertaining to a PPV 155 , which may include, but is not limited to, one or more of: a SCADA sensor, an active sensor, a passive sensor, a measurement device, a monitoring device, an electromechanical sensor device, an electrical measurement device, a current measurement device, a voltage measurement device, a capacitance measurement device, an inductive sensor, a resistance measurement device, an impedance measurement device, a phase measurement unit (PMU), a magnetic sensor, a magnetic field sensor, an Anisotropic Magneto-Resistive (AMR) sensor, an arc detection device, a Hall effect sensor, a power measurement device, an electrical power measurement device (e.g., a power meter), a light sensor, a color sensor, a photoelectric sensor, an electro-optical radiation sensor, an infra-red sensor, an image capture device, a mechanical measurement device, a mechanical power measurement device, a torque sensor,
- the physical components 140 of the control system 101 may further comprise actuator devices 146 A-N.
- an actuator device 146 of the control system 101 may comprise any suitable means for implementing physical operations pertaining to a PPV 155 .
- An actuator device 146 may comprise, but is not limited to, one or more of: a SCADA actuator, a linear actuator, a rotary actuator, a fluid actuator, a hydraulic actuator, a hydraulic cylinder actuator, a pneumatic actuator, a mechanical actuator, a rack and pinion actuator, a comb drive actuator, a chain actuator, a screw jack actuator, a magnetic actuator, an electric actuator, an electromechanical actuator, an electric motor, a servomechanism, a solenoid, a stepper motor, a torque motor, a shape-memory alloy actuator, a switch, a rotary switch, a toggle switch, an electronic switch, an electrically operated switch, a relay, a solid-state relay, an analogue switch, a crossbar switch, a transistor switch, an
- an actuator device 146 may be configured to acquire state information pertaining to one or more PPV 155 (a physical process 150 and/or attribute(s) 152 thereof), the actuator device 146 itself, physical operations implemented by the actuator device 146 , and/or the like.
- the actuator device 146 may be further configured to communicate acquired state information to one or more computational components 130 .
- the actuator device 146 may comprise and/or be coupled to one or more sensor devices 144 , which may be configured to acquire and/or communicate the state information, as disclosed herein. As illustrated in FIG.
- the physical components 140 of the CPCE 105 may comprise one or more actuator devices 146 A-N, each comprising suitable means for implementing physical operations pertaining to a PPV 155 of the CPCE 105 , which may comprise moving, manipulating, regulating, and/or actuating mechanism(s) operatively coupled to the PPV 155 .
- control system 101 may comprise, embody, and/or be configured to implement one or more CPCE 105 .
- Implementing a CPCE 105 may comprise controlling one or more PPV 155 by use of cyber-physical components 102 of the control system 101 .
- a CPCE 105 may, therefore, comprise and/or embody cyber-physical components 102 of the control system 101 . As illustrated in FIG.
- a CPCE 105 may comprise: computational components 130 configured to implement one or more control function(s) pertaining to respective PPV 155 of the CPCE 105 , physical components 140 by which the computational components 130 realize the control function(s), and cyber components 120 by which the computational components 130 of the CPCE 105 may be operatively and/or communicatively coupled to the physical components 140 of the CPCE 105 .
- the computational components 130 of the CPCE 105 illustrated in FIG. 1A may comprise a controller 132 .
- the controller 132 may be configured to implement a control function pertaining to one or more PPV 155 .
- the physical components 140 of the CPCE 105 illustrated in FIG. 1A may, therefore, comprise one or more PPV 155 , and physical components 140 by which the controller 132 senses, measures, monitors, adjusts, manipulates, manages, regulates, and/or otherwise controls the PPV 155 , such as one or more sensor devices 144 A-N, one or more actuator devices 146 A-N, and/or the like.
- the CPCE 105 of FIG. 1A may further comprise cyber components 120 (e.g., cyber nodes 124 ) by which the controller 132 may be operatively and/or communicatively coupled to the physical components 140 of the CPCE 105 .
- the controller 132 may comprise any suitable means for implementing computational and/or control operations, as disclosed herein.
- Implementing the control function of the CPCE 105 may comprise the controller 132 : determining a state of the control function (e.g., a state of PPV 155 of the control function), and determining control decisions in accordance with the determined state.
- the state of a control function of a CPCE 105 may refer to one or more of: a state of the physical components 140 of the CPCE 105 , a state of the PPV 155 of the CPCE 105 , a state of physical components 140 operatively coupled to the PPV 155 (e.g., a state of one or more of the sensor devices 144 A-N, actuator devices 146 A-N, and/or the like), a state of the computational components 130 of the CPCE 105 (e.g., a state of the controller 132 ), a state of cyber components 120 of the CPCE 105 , and/or the like.
- control function of the CPCE 105 may comprise controlling the value of the PPV 155
- implementing the control function may comprise the controller 132 : acquiring a current state of the PPV 155 by use of one or more sensor devices 144 A-N, and determining control decisions to reduce an error between the acquired state of the PPV 155 and a target state or set point.
- the controller 132 may acquire the current state of the PPV 155 by use of one or more sensor devices 144 A-N, and may realize the control decisions by use of one or more actuator devices 146 A-N.
- the controller 132 may be configured to implement a PID control function, which may comprise the controller 132 : acquiring a state of the PPV 155 by use of one or more physical components 140 of the CPCE 105 (e.g., by use of one or more sensor devices 144 A-N), calculating an error value e(t) quantifying deviation between the acquired state of the PPV 155 and a target state, and determining proportional, integral, and/or derivative components of a control output u(t) to minimize the error value e(t) over time (the control output u(t) corresponding to physical operations implemented by, e.g., one or more actuator devices 146 A-N).
- control function implemented by the controller 132 may comprise a protective function, which may comprise: monitoring a state of the PPV 155 (by use of one or more sensor devices 144 A-N), and determining whether to take one or more protective actions in accordance with the monitored state (the protective actions to be realized by one or more actuator devices 146 A-N).
- the CPCE 105 may implement a protective relay function configured to open a branch breaker in response to detection of a fault state.
- Although control functions are described herein, the disclosure is not limited in this regard and could be adapted for use with any suitable monitoring and/or control means configured to implement any suitable control, protection, regulation, monitoring, and/or management operations pertaining to any suitable physical process 150 , physical process attribute 152 , and/or PPV 155 .
- the computational components 130 of a CPCE 105 may utilize physical components 140 to implement control function(s) of the CPCE 105 .
- the physical components 140 of the CPCE 105 illustrated in FIG. 1A may comprise one or more sensor devices 144 A-N, which may be configured to: acquire information pertaining to PPV 155 , and/or one or more other physical components 140 of the CPCE 105 , communicate the acquired information to the controller 132 , and so on.
- a sensor device 144 may communicate information acquired thereby using any suitable communication means, including, but not limited to: signals, control signals, control system signals, sensor signals, sensor data signals, device-to-device couplings, packets, data packets, network packets, IP packets, DNP3 packets, SCADA packets, synchrophasors, synchrophasor data, and/or the like.
- one or more of the sensor devices 144 A-N may be coupled to the CS network 122 (e.g., may comprise networked physical components 140 and/or may be coupled to the CS network 122 by one or more cyber components 120 ).
- one or more of the sensor devices 144 A-N may be directly coupled to one or more computational components 130 of a CPCE 105 , as disclosed herein (e.g., may be directly coupled to the controller 132 of the CPCE 105 of FIG. 1A ).
- one or more of the sensor devices 144 A-N may be configured to communicate sensor data to other cyber-physical components 102 of the control system 101 , such as another controller 132 (not shown in FIG. 1A to avoid obscuring details of the illustrated embodiments), an automation controller 134 , an HMI device 136 , and/or the like.
- a sensor device 144 may be adapted to receive and/or implement configuration data, which may comprise configuring the sensor device 144 , configuring communication of acquired data by the sensor device 144 , configuring data acquisition of the sensor device 144 (e.g., configuring data acquisition frequency, sample period, resolution, etc.), and/or the like.
- the sensor configuration data may be communicated through the CS network 122 , directly from the controller 132 (or other cyber-physical component 102 ), and/or the like.
- the actuator devices 146 A-N of the control system 101 may be configured to implement physical operations, which physical operations may comprise affecting, manipulating, modifying, regulating, protecting, managing, and/or otherwise controlling one or more of: a PPV 155 (e.g., physical process 150 and/or physical process attribute(s) 152 A-N thereof), other physical components 140 , and/or the like.
- the actuation device(s) 146 A-N may be configured to implement physical operations in response to control signal(s), which may comprise, but are not limited to: signals, control signals, control system signals, actuator signals, actuator control signals, commands, actuator commands, messages, packets, data packets, network packets, IP packets, DNP3 packets, SCADA packets, and/or the like.
- one or more of the sensor devices 144 A-N may be coupled to the CS network 122 (e.g., may comprise networked physical components 140 and/or may be coupled to the CS network 122 by one or more cyber components 120 ).
- one or more of the actuator devices 146 A-N may be directly coupled to one or more cyber computational components 130 , as disclosed herein (e.g., may be directly coupled to the controller 132 of the CPCE 105 of FIG. 1A ).
- the controller 132 may utilize one or more of the actuator devices 146 A-N to implement the control function of the CPCE 105 .
- the one or more actuator devices 146 A-N may be configured to implement physical operations in response to control signal(s) from the controller 132 .
- one or more of the actuator devices 146 A-N may be configured to implement physical operations in response to command signal(s) from other cyber-physical components 102 of the control system 101 , such as another controller 132 (not shown in FIG. 1A to avoid obscuring details of the illustrated embodiments), an automation controller 134 , an HMI device 136 , and/or the like.
- an actuator device 146 may be adapted to receive and/or implement configuration data, which may comprise configuring the actuator device 146 , identifying components 102 authorized to issue control signals to the actuator device 146 , configuring a response of the actuator device 146 to control signals, configuring physical operations implemented by the actuator device 146 (e.g., adjusting a control sensitivity, setting a range and/or throw of physical operations), and/or the like.
- the actuator configuration data may be communicated through the CS network 122 , directly from the controller 132 (or other cyber-physical component 102 ), and/or the like.
- the CPCE 105 may comprise and/or be coupled to an automation controller 134 .
- the automation controller 134 may be configured to implement an automation function that involves and/or comprises a plurality of CPCE 105 (other CPCE 105 not shown in FIG. 1A to avoid obscuring details of the illustrated embodiments).
- the automation controller 134 may be configured to monitor, coordinate, manage, and/or control operation of one or more CPCE 105 , which may comprise: configuring cyber components 120 of the CPCE 105 , configuring computational components 130 of the CPCE 105 (e.g., configuring the controller 132 to implement a specified control function, specify a set point for the control function, and/or the like), configuring physical components 140 of the CPCE 105 , monitoring computational components 130 of the CPCE 105 , monitoring physical components 140 of the CPCE 105 (e.g., monitoring sensor and/or actuator devices 144 / 146 of the CPCE 105 ), monitoring PPV 155 of the CPCE 105 (e.g., by use of sensor devices 144 of the CPCE 105 ), controlling physical components 140 of the CPCE 105 (e.g., issuing commands to actuator devices 146 of the CPCE 105 ), and/or the like.
- an automation controller 134 may control one or more
- FIG. 1A depicts an exemplary CPCE 105 comprising particular cyber-physical components 102 of the control system 101 , including in particular: cyber components 120 , computational components 130 , and/or physical components 140
- the disclosure is not limited in this regard and could comprise CPCE 105 comprising any suitable cyber-physical component(s) 102 configured to control any type and/or number of PPV 155 , physical processes 150 , and/or physical process attributes 152 in accordance with any suitable control function.
- cyber-physical components 102 of the control system 101 may be used in multiple CPCE 105
- a computational component 130 may be used to implement a plurality of different CPCE 105
- a sensor device 144 may be configured to provide sensor and/or measurement data to computational components 130 of a plurality of CPCE 105
- an actuator device 146 may be configured to implement physical operation(s) in response to commands from computational components 130 of a plurality of CPCE 105 , and so on.
- the controller 132 may be configured to implement a control function of the CPCE 105 by use of physical components 140 (e.g., by use of one or more sensor and/or actuator devices 144 / 146 ).
- the controller 132 may utilize one or more physical components 140 to: acquire the state of the CPCE 105 (e.g., determine the state of the PPV 155 and/or other physical components 140 of the CPCE 105 ), and realize control decisions pertaining to the PPV 155 .
- the controller 132 may, therefore, be “closely coupled to” and/or have a “physical dependency” on the one or more physical components 140 .
- a “physical dependency” of a CPCE 105 refers to a dependency of a computational component 130 of a CPCE 105 (e.g., the controller 132 ), on one or more physical components 140 of the CPCE 105 .
- a physical component 140 of a CPCE 105 may have a “cyber dependency” on one or more computational components 130 of the CPCE 105 .
- an actuator device 146 of the CPCE 105 of FIG. 1A may be configured to implement physical operations pertaining to the PPV 155 in accordance with control signal(s) generated by the controller 132 of the CPCE 105 .
- the actuator device 146 may, therefore, have a cyber dependency on the controller 132 .
- the actuator device 146 may also have cyber dependencies on cyber components 120 by which the actuator device 146 is operatively and/or communicatively coupled to the controller 132 .
- Dependencies between cyber-physical components 102 of a CPCE 105 may be referred to as “cyber-physical dependencies.”
- 1A may comprise cyber-physical dependencies between the controller 132 and the physical components 140 on which the controller 132 depends to implement control function(s) of the CPCE 105 , which may comprise cyber-physical dependencies between the controller 132 and physical components 140 by which the controller 132 acquires information pertaining to the state of the CPCE 105 , and actuator device(s) by which the controller 132 realizes control operations, and so on, as disclosed herein.
- conventional techniques for securing cyber-physical systems 100 may be configured to prevent and/or detect attacks directed against cyber components 120 (e.g., protect the CS network 122 from external attack).
- Conventional systems may attempt to guarantee security of CS network(s) 122 based on perimeter security (e.g., by securing gateway(s) and/or channel(s) to external networks) and, as such, may operate under the assumption that internal communications are secure and can be trusted.
- some conventional systems may attempt to secure internal communication (e.g., may encrypt and/or sign messages communicated on internal network(s) 122 ). These conventional systems may also monitor physical components 140 to detect known failure modes.
- a “physical” or “component” attack refers to an attack pertaining to particular cyber-physical components 102 .
- Cyber-physical components 102 may be attacked through an external network, the CS network 122 , or through the physical and/or computational environment.
- a physical component 140 may be attacked by, inter alia, altering the physical environment (e.g., moving or obscuring a sensor device 144 ), connecting to local communication means of an actuator device 146 (e.g., an on-board communication port), and/or the like.
- a component attack may further comprise utilizing compromised cyber-physical components 102 to disrupt operation of the control system 101 (and/or one or more CPCE 105 thereof) by, inter alia, implementing “adversarial operations.”
- an “adversarial operation” refers to an operation configured to disrupt and/or interfere with the operation of the control system 101 and/or a CPCE 105 thereof.
- An adversarial operation may comprise causing a cyber-physical component 102 to introduce adversarial signals into the control system 101 , modify response(s) to control signals, modify computational and/or control operations, and/or the like.
- a physical component attack may comprise causing a sensor device 144 to feed adversarial sensor data to a controller 132 , causing an actuator device 146 to change its response to control signals, and so on.
- a component attack may be directed against computational components 130 , which may slow down control operations implemented thereby (e.g., cause the controller 132 to implement higher-priority, computationally intensive tasks), modify the control function(s) implemented by the controller 132 , change parameters of the control function(s), and/or the like.
- Conventional mechanisms for securing cyber-physical systems 100 may be incapable of detecting component attacks and/or distinguishing such attacks from cyber-attacks.
- the adversarial operations (and corresponding adversarial signals) of a component attack may be configured to emulate nominal internal communication and, as such, may not be detected by conventional systems, including conventional systems that attempt to secure internal communications.
- conventional systems may misidentify such anomalies as indicative of a cyber-attack as opposed to an attack directed to particular component(s) 102 of the control system 101 .
- a component attack may result in anomalous cyber behavior within the CS network 122 which may be manifested as, inter alia, anomalous cyber communication corresponding to the adversarial operations performed by compromised components 102 and/or attempts by components 102 of the control system 101 to respond to disruptions caused by such anomalous operations (e.g., changes in communication to/from components 102 of the control system 101 on network(s) 122 of the control system 101 ).
- conventional systems may not be capable of distinguishing communications resulting from a component attack from communications indicative of nominal operation.
- messages comprising adversarial signals produced by a compromised sensor device 144 may be similar to messages comprising non-adversarial signals produced by the sensor device 144 during normal operation.
- messages comprising adversarial control signals output by a compromised controller 132 may be similar to messages during nominal operation. It may not be possible, therefore, to detect component attacks by conventional cyber health monitoring. Moreover, even if a conventional system were capable of detecting cyber anomalies resulting from a component attack, the conventional system would still be incapable of determining the cause of such cyber anomalies.
- cyber components 120 e.g., cyber security components 123 , such as intrusion detection systems
- cyber components 140 which have no tie to physical components 140 of the control system 101 to which the component attack is directed
- physical components 140 such as sensor devices 144 , actuator devices 146 , and/or the like.
- conventional systems may not be capable of detecting cyber anomalies resulting from component attacks and/or determining the source of such anomalies (e.g., may misidentify the cause of cyber anomalies as a cyber-attack and/or compromise of the CS network 122 , rather than an attack affecting physical components 140 of the control system 101 ).
- Conventional systems may also be incapable of adequately responding to physical anomalies resulting from a component attack.
- Physical anomalies resulting from a component attack may not be detectable by conventional security systems (since communications pertaining to the compromised components are within the CS network 122 , which such systems may assume is secure).
- conventional systems configured to monitor physical components 140 may be incapable of detecting physical anomalies arising due to component attacks.
- the physical anomalies caused by a component attack may not correspond to physical anomalies associated with known failure modes of the physical components 140 of the control system 101 . Therefore, conventional physical health monitoring may be incapable of detecting component attacks.
- the control system 101 may comprise a resilient security (RS) agent 110 .
- the RS agent 110 may comprise and/or be embodied by computational components 130 of the control system 101 , such as a computing device, an RTU, a PLC, a controller 132 , an automation controller 134 , an HMI device 136 , and/or the like.
- the RS agent 110 is implemented on the controller 132 .
- the RS agent 110 may be configured to secure the control system 101 , which may comprise: generating state keys 160 comprising cyber-physical key data corresponding to a current cyber-physical state of the control system 101 (and/or respective regions thereof), communicating the state keys 160 through CPCE 105 of the control system 101 , and determining cyber-physical health metadata 180 pertaining to the control system 101 based on, inter alia, error metrics 175 corresponding to communication of the state keys 160 .
- the RS agent 110 may be configured to generate and/or communicate state keys 160 in accordance with cyber-physical state metadata 111 , which comprise, characterize, define, and/or otherwise indicate a cyber-physical state of the control system 101 .
- the state keys 160 may comprise cyber-physical key data 162 , which may be derived from the current and/or real-time cyber-physical state of the control system 101 .
- the cyber-physical key data 162 may comprise a cyber seed configured to characterize a cyber state of the control system 101 (and/or selected region thereof), and a physical seed configured to characterize a physical state of the control system 101 (and/or selected region thereof). Accordingly, it may be impossible for an attacker to spoof and/or replay state keys 160 .
- state keys 160 may be derived using simple computational techniques, such that generation and communication of the state keys 160 imposes low overhead, and can be implemented by cyber-physical components 102 with minimal computational resources (e.g., by controllers 132 , PLC, and/or the like).
- the state keys 160 communicated by the RS agent 110 may comprise and/or correspond to a cyber-physical state of the control system 101 (and/or respective regions thereof).
- the “cyber-physical state” of a cyber-physical system 100 such as the control system 101 , may refer to a state of cyber-physical components 102 of the control system 101 , which may comprise and/or correspond to: a state of cyber and/or physical services implemented by respective cyber-physical components 102 , a configuration of respective cyber-physical components 102 , utilization of respective cyber-physical components 102 , and/or the like.
- the RS agent 110 may comprise and/or be communicatively coupled to cyber-physical state metadata 111 , which may be configured to comprise, define, and/or characterize the cyber-physical state of the control system 101 (and/or respective regions thereof).
- the cyber-physical state metadata 111 may comprise cyber-state parameters 112 , which may correspond to respective aspects, characteristics, and/or features of the cyber-physical state of the control system 101 .
- the RS agent 110 may be configured to acquire and/or maintain the cyber-physical state metadata 111 (e.g., by acquiring information pertaining to the cyber-physical state of the control system 101 from, inter alia, respective cyber-physical components 102 thereof).
- the RS agent 110 may be communicatively coupled to cyber-physical state metadata 111 acquired by another entity (not shown in FIG. 1A to avoid obscuring details of the disclosed embodiments).
- the cyber-physical state metadata 111 may comprise and/or correspond to a cyber-physical topology 115 of the control system 101 .
- the “cyber-physical topology” 115 of a cyber-physical system 100 may refer to a cyber and/or physical arrangement of the cyber-physical components 102 thereof.
- the cyber-physical topology 115 of the control system 101 may, therefore, be unique to the control system 101 , unique to a particular configuration of the control system 101 , unique to particular cyber-physical state(s) of the control system 101 , and/or the like.
- the cyber-physical topology 115 of the control system 101 may comprise, define, and/or characterize cyber paths 126 of the control system 101 .
- a cyber path 126 refers to means by which respective cyber and/or computational components 120 / 130 of the control system 101 may be operatively and/or communicatively coupled to respective physical components 140 and/or PPV 155 of the control system 101 (and vice versa).
- the cyber-physical topology 115 of the control system 101 illustrated in FIG. 1A may comprise, define, and/or characterize cyber paths 126 by which the controller 132 (and/or other computational components 130 ) may be operatively and/or communicatively coupled to respective sensor and/or actuator devices 144 / 146 .
- a cyber path 126 may comprise one or more cyber components 120 , portions of the CS network 122 , cyber nodes 124 , one or more device-to-device couplings, and/or the like, as disclosed herein.
- the cyber-physical topology 115 may further comprise, define, and/or characterize a physical control topology of the control system 101 , which may comprise information pertaining to physical control couplings and/or correlational relationships between computational and/or physical components 130 / 140 of the control system 101 and respective PPV 155 (e.g., physical processes 150 and/or physical process attributes 152 ).
- the physical control topology may correspond to couplings between the controller 132 and respective sensor/actuator devices 144 A-N/ 146 A-N, and/or PPV 155 A-N (e.g., may indicate physical couplings between respective sensor/actuator devices 144 A-N/ 146 A-N and respective physical processes 150 and/or physical process attributes 152 ).
- FIG. 1B illustrates embodiments of data structure(s) configured to comprise, define, and/or characterize embodiments of a cyber-physical topology 115 , as disclosed herein.
- the cyber-physical topology 115 of a control system 101 may comprise and/or be embodied by a configuration of the control system 101 (and/or a configuration of respective cyber-physical components 102 of the control system).
- the cyber-physical topology 115 may be represented and/or maintained by use of one or more data structures, such as one or more of the data structures illustrated in FIG. 1B .
- Data structures comprising information pertaining to the cyber-physical topology 115 of a control system 101 may be maintained within any suitable computer-readable medium, including a memory, volatile memory, non-volatile memory, non-volatile storage, firmware, and/or the like.
- the cyber-physical topology 115 may comprise information pertaining to cyber communication within the control system 101 , including information pertaining to means by which computational components 130 of the control system 101 are operatively and/or communicatively coupled to respective physical components 140 .
- the cyber-physical topology 115 may comprise and/or represent cyber nodes 124 of the control system 101 (e.g., cyber nodes 124 A-N).
- the cyber-physical topology 115 may, therefore, comprise, represent, and/or correspond to a topology of the CS network 122 .
- the cyber-physical topology 115 illustrated in FIG. 1B may correspond to the control system 101 depicted in FIG. 1A and, as such, may comprise information pertaining to the controller 132 .
- the controller 132 may be communicatively coupled to the CS network 122 and, as such, may comprise and/or correspond to a cyber node 124 A of the CS network 122 .
- the cyber-physical topology 115 may further comprise cyber nodes 124 B-D, which may represent and/or correspond to cyber components 120 by which portions of the CS network 122 are implemented (e.g., may comprise network devices, concentrators, switches, routers, and/or the like).
- the cyber-physical topology 115 may further comprise information pertaining to relationships between physical components 140 of the control system 101 . As illustrated in FIG. 1B , the cyber-physical topology 115 may comprise and/or represent relationships between sensor and/or actuator devices 144 A-N/ 146 A-N and respective PPV 155 (respective physical processes 150 , physical process attributes 152 A-N, and/or the like). The cyber-physical topology 115 may comprise information pertaining to respective sensor devices 144 A-N, and may indicate that one or more of the sensor device(s) 144 A-N are operatively coupled to the physical process 150 (and/or respective physical process attributes 152 A-N thereof).
- the cyber-physical topology 115 may be further configured to indicate PPV 155 capable of being sensed, measured, and/or monitored by respective sensor devices 144 A-N, indicate types of sensor data capable of being acquired by respective sensor devices 144 A-N, and/or the like.
- the cyber-physical topology 115 may identify actuator devices 146 A-N that are operatively coupled to the physical process 150 (and/or respective physical process attributes 152 A-N thereof), indicate PPV 155 capable of being adjusted, manipulated, managed, protected, regulated, and/or otherwise controlled by respective actuator devices 146 A-N, indicate types of physical operations capable of being implemented by the respective actuator devices 146 A-N, and/or the like.
- Although FIG. 1B illustrates embodiments of a cyber-physical topology 115 comprising particular cyber-physical components 102 , the disclosure is not limited in this regard, and may be adapted for use with any suitable cyber-physical components 102 operatively coupled to any number and/or type of PPV 155 in any suitable configuration.
- the cyber-physical topology 115 may further comprise information pertaining to respective CPCE 105 of the control system 101 .
- a CPCE 105 may comprise a physical control section 149 and a cyber section 129 .
- the physical control section 149 may comprise and/or correspond to cyber-physical components 102 configured to sense, measure, monitor, adjust, manipulate, manage, regulate, and/or otherwise control a PPV 155 of a CPCE 105 (e.g., a physical process 150 and/or one or more physical process attribute(s) 152 thereof).
- the physical control section 149 of a CPCE 105 may comprise computational component(s) 130 configured to implement control functions pertaining to a specified PPV 155 , and physical components 140 by which the control functions may be realized (e.g., a controller 132 configured to implement a control function pertaining to a PPV 155 by use of one or more sensor devices 144 and/or actuator devices 146 ).
- the physical control section 149 of a CPCE 105 may comprise and/or correspond to one or more physical control couplings 148 .
- a “physical process control coupling” or “physical control coupling” 148 refers to a coupling that comprises and/or corresponds to control of a PPV 155 by computational and/or physical components 130 / 140 of a CPCE 105 .
- a physical control coupling 148 may, therefore, refer to a coupling that comprises and/or corresponds to a physical process 150 and/or one or more physical process attributes 152 controlled by a CPCE 105 .
- the cyber section 129 of a CPCE 105 may comprise information pertaining to cyber-physical couplings and/or paths 126 between computational component(s) 130 of the CPCE 105 and physical components 140 of the CPCE 105 , including alternative cyber paths (e.g., different routes through the CS network 122 coupling the same components 130 / 140 ).
- the control system 101 of FIG. 1A may comprise a plurality of CPCE 105 A-N, each configured to control respective PPV 155 A-N.
- the CPCE 105 A may be configured to control PPV 155 A, which may comprise and/or correspond to physical process attributes 152 A-B (of the physical process 150 ), and so on, with CPCE 105 N being configured to control PPV 155 N, which may comprise and/or correspond to physical process attribute 152 N.
- the physical control section 149 A of the CPCE 105 A may indicate that the controller 132 is configured to implement control functions pertaining to the PPV 155 A using sensor devices 144 A-B and actuator devices 146 A-B.
- the physical control section 149 N of the CPCE 105 N may indicate that the controller 132 is also configured to implement control functions pertaining to PPV 155 N using sensor device 144 N and actuator device 146 N.
- the cyber sections 129 A-N may comprise information pertaining to cyber-physical couplings and/or paths 126 between computational components 130 of respective CPCE 105 A-N and physical components 140 of the respective CPCE 105 A-N.
- a cyber path 126 may be represented as a sequence of cyber nodes 124 .
- the cyber section 129 A of the CPCE 105 A may comprise a sequence of cyber nodes 124 by which messages may be communicated between the controller 132 (at cyber node 124 A) and cyber nodes 124 coupled to respective physical components 140 of the CPCE 105 A (respective sensor devices 144 A-B, actuator devices 146 A-B, and/or the like, including alternative paths).
- the cyber section 129 N may indicate cyber paths 126 by which the controller 132 may be communicatively coupled to the physical components 140 of the CPCE 105 N (e.g., sensor device 144 N and actuator device 146 N, respectively).
- the cyber-physical topology 115 may further comprise information pertaining to control paths through respective CPCE 105 (cyber-physical control element paths 108 ).
- a “control path” or “cyber-physical control” (CPC) path 108 refers to a path through cyber-physical components 102 of a CPCE 105 that comprises and/or corresponds to the PPV 155 of the CPCE 105 .
- a CPCE 105 may comprise a plurality of CPC path(s) 108 , each corresponding to a respective path by which computational components 130 of the CPCE 105 control a PPV 155 .
- a CPC path 108 may comprise: a first cyber path 126 , a physical control coupling 148 , and a second cyber path 126 .
- the first cyber path 126 may comprise a cyber path 126 between a computational component 130 of the CPCE 105 and the physical control coupling 148 .
- the second cyber path 126 may comprise a cyber path 126 from the physical control coupling 148 back to the computational component 130 .
- a physical control coupling 148 refers to a coupling that comprises and/or corresponds to a PPV 155 of a CPCE 105 (e.g., a physical process 150 and/or one or more attributes 152 thereof).
- a physical control coupling 148 may comprise a coupling between physical components 140 of the CPCE 105 that passes through and/or across the PPV 155 (e.g., may comprise a path from an actuator device 146 to a sensor device 144 by, across, and/or through the PPV 155 ).
- a physical control coupling 148 may comprise a correlation between the PPV 155 and one or more cyber-physical components 102 operatively coupled thereto (e.g., may comprise correlation(s) between a state of the PPV 155 and/or a state of one or more physical components 140 operatively coupled thereto).
- a CPC path 108 may refer to a cyber path comprising one or more cyber paths 126 of the CPCE 105 , and one or more physical couplings 148 of the CPCE 105 (the physical couplings 148 comprising and/or corresponding to respective PPV 155 of the CPCE 105 ).
- FIG. 1B depicts an exemplary CPC path 108 of the CPCE 105 A (labeled 108 ⁇ 105 A ⁇ in FIG. 1B ).
- the CPC path 108 illustrated in FIG. 1B may comprise: a first cyber path 126 through the cyber section 129 A of the CPCE 105 A (e.g., a first cyber path 126 from the controller 132 to the actuator device 146 B), a physical control coupling 148 through the physical control section 149 A of the CPCE 105 A (e.g., a physical coupling 148 from the actuator device 146 B to the sensor device 144 A by, across, and/or through physical process attribute 152 A), and a second cyber path 126 through the cyber section 129 A (e.g., a second cyber path 126 from the sensor device 144 B back to the controller 132 ).
- the RS agent 110 may be configured to determine and/or evaluate a cyber and/or physical state of the control system 101 by use of and/or in accordance with, inter alia, cyber-physical state metadata 111 .
- the RS agent 110 may be configured to generate state keys 160 , which may comprise key data corresponding to the cyber-physical state of the control system 101 .
- the RS agent 110 may be further configured to communicate the state keys 160 through respective CPCE 105 of the control system 101 (in accordance with the cyber-physical topology 115 of the control system 101 , as disclosed above), obtain validation data 171 in response to communication of respective state keys 160 , and determine cyber-physical health metadata 180 pertaining to the control system 101 by, inter alia, comparing respective state keys 160 to corresponding validation data 171 .
- FIG. 2 is a schematic block diagram of one embodiment of an RS agent 110 , as disclosed herein.
- the RS agent 110 may comprise, be embodied by, and/or be coupled to computing resources 201 , which may include, but are not limited to: processing resources 202 , storage resources 204 , cyber communication resources 206 , and/or the like.
- the processing resources 202 may comprise any suitable means for implementing computational services, as disclosed herein (e.g., a processor, general-purpose processor, ASIC, programmable logic, a PLC, and/or the like).
- the storage resources 204 may comprise any suitable means for storing and/or maintaining data, such as volatile memory, random access memory (RAM), static RAM (SRAM), dynamic RAM (DRAM), non-volatile memory, battery-backed RAM, non-volatile storage resources, non-transitory storage resources, a non-transitory storage device, a non-transitory storage medium, a solid-state storage device, a solid-state storage medium, and/or the like.
- the cyber communication resources 206 may comprise any suitable means for communicatively and/or operatively coupling the RS agent 110 to the CS network 122 , such as a network interface, a network interface device, and/or the like.
- RS agent 110 may be embodied as hardware components, such as the computing resources 201 disclosed above.
- the RS agent 110 (and/or portions thereof) may be embodied as computer-readable instructions 205 stored within the non-transitory storage resources 206 .
- the computer-readable instructions 205 may be configured for execution by the processing resources 202 of the RS agent 110 , which execution may cause the RS agent 110 to implement operations for securing a control system 101 , as disclosed herein.
- the RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101 .
- the state keys 160 may comprise and/or be derived from the cyber-physical state of the control system 101 , as indicated by cyber-physical state metadata 111 .
- the cyber-physical state metadata 111 may comprise, inter alia, cyber state metadata 220 .
- the cyber state metadata 220 may be configured to comprise, define, and/or characterize a cyber state of the control system 101 .
- the “cyber state” of a cyber-physical system 100 may refer to one or more of: a cyber state of one or more components 102 of the control system 101 , a state of cyber components 120 of the control system 101 , a configuration of cyber components 120 , a utilization of cyber components 120 (e.g., utilization of particular cyber components 120 and/or cyber nodes 124 ), a state of the CS network 122 , a utilization of the CS network 122 , a configuration of the CS network 122 , and/or the like.
- the cyber state metadata 220 may comprise, define, and/or characterize a cyber state at one or more cyber nodes (cyber nodes 124 ) of the control system 101 .
- the cyber state metadata 220 may comprise, define, and/or characterize any suitable aspect of cyber communication at a cyber node 124 .
- the cyber state metadata 220 may comprise statistical characteristics of cyber communication at particular cyber nodes 124 , which characteristics may include, but are not limited to: communication speed, mean time delta between messages, mean message latency, number of messages per destination, number of message sources, mean message size, number of zero size messages, mean data length, maximum data length, data speed, and/or the like.
- the cyber state metadata 220 may comprise parameters 222 corresponding to cyber communication between particular cyber nodes 124 (e.g., communication between a controller 132 and one or more sensor devices 144 , actuator devices 146 , automation controllers 134 , and/or the like), which may include, but are not limited to: communication speed to/from the nodes 124 , mean time delta between messages to/from the nodes 124 , latency of messages communicated between the nodes 124 , mean size of messages communicated between the nodes 124 , and/or the like.
- Although particular cyber state metadata 220 and/or cyber state parameters 222 are described herein, the disclosure is not limited in this regard, and could be adapted to utilize any suitable information pertaining to a cyber state of a cyber-physical system 100 , including acquiring, estimating, determining, and/or monitoring any suitable type of cyber state parameter 222 pertaining to any suitable characteristic and/or aspect of the cyber state of the control system 101 .
- the cyber state metadata 220 may comprise, define, and/or characterize a cyber state of respective CPCE 105 of the control system 101 .
- the cyber state of a CPCE 105 may refer to a cyber state of cyber-physical components 102 of the CPCE 105 (e.g., a cyber state of cyber components 120 by which computational components 130 of the CPCE 105 are coupled to physical components of the CPCE 105 , a state of the cyber section 129 of the CPCE 105 , and/or the like, as disclosed herein).
- the cyber state of a CPCE 105 may, therefore, comprise and/or correspond to a subset of the cyber state of the control system 101 .
- the cyber state of a CPCE 105 may be comprised, defined, and/or characterized by the state of cyber communication at cyber nodes 124 by which computational components 130 of the CPCE 105 are operatively and/or communicatively coupled to physical components of the CPCE 105 .
- the cyber-physical state metadata 111 may further comprise physical state metadata 240 , which may comprise, define, and/or characterize a physical state of the control system 101 .
- the “physical state” of a cyber-physical system 100 such as a control system 101 as disclosed herein, may refer to one or more of: a physical state of one or more cyber-physical components 102 of the control system 101 , a state of physical components 140 of the control system 101 (e.g., a state of one or more of a physical process 150 , physical process attributes 152 , sensor devices 144 , actuator devices 146 , and/or the like), a configuration of physical components 140 (e.g., a configuration of one or more sensor and/or actuator devices 144 / 146 ), a utilization of physical components 140 (e.g., utilization of one or more sensor and/or actuator devices 144 / 146 ), a state of physical operations implemented by physical components 140 of the control system (e.g., a state of
- the physical state metadata 240 may comprise parameters (physical state parameters 242 ), which may comprise, define, and/or characterize: the physical state of the control system 101 , particular cyber-physical components 102 , particular physical components 140 , particular regions of the control system 101 , particular CPCE 105 , particular CPC paths 108 , particular physical control couplings 148 , and/or the like.
- the physical state metadata 240 may comprise, define, and/or characterize the physical state of one or more sensor devices 144 A-N of the control system 101 .
- the physical state metadata 240 pertaining to a sensor device 144 may comprise any suitable information pertaining to the sensor device 144 including, but not limited to: a configuration of the sensor device 144 , data acquired by the sensor device 144 , characteristics of the acquired sensor data, diagnostic data, and/or the like.
- the physical state metadata 240 pertaining to a sensor device 144 may comprise any suitable information pertaining to the configuration of the sensor device 144 , as disclosed herein (e.g., a frequency at which the sensor device 144 is configured to acquire sensor data, acquisition period, resolution, communication settings, and/or the like).
- the physical state metadata 240 may further comprise information pertaining to data acquired by a sensor device 144 , which may comprise sensor and/or measurement data pertaining to a particular physical process 150 , physical process attribute 152 , particular physical components 140 , and/or the like.
- the physical state metadata 240 may further comprise characteristics of data acquired by a sensor device 144 , which may include, but are not limited to: a maximum value of the sensor data, a minimum value of the sensor data, a distribution of the sensor data, statistical properties of the sensor data (e.g., a mean, deviation, and/or variance of the sensor data), and/or the like.
- the physical state metadata 240 may also include diagnostic data pertaining to the sensor device 144 , which may comprise a status of the sensor device 144 , an error rate of sensor data acquired by the sensor device 144 , a condition of the sensor device 144 , and/or the like.
- the physical state metadata 240 may further comprise, define, and/or characterize the physical state of one or more actuator devices 146 A-N of the control system 101 .
- the physical state metadata 240 pertaining to an actuator device 146 may comprise any suitable information pertaining to the actuator device 146 including, but not limited to: a configuration of the actuator device 146 , physical operations implemented by the actuator device 146 , diagnostic data, and/or the like.
- the physical state metadata 240 may comprise any suitable information pertaining to the configuration of an actuator device 146 , as disclosed herein (e.g., response of the actuator device 146 to control signals, sensitivity of the actuator device 146 , and/or the like).
- the physical state metadata 240 may indicate a degree to which the actuator device 146 is configured to modulate a particular physical process 150 and/or physical process attribute 152 .
- the physical state of an actuator device 146 comprising a protective relay may indicate whether the protective relay is open or closed.
- the physical state of an actuator device 146 comprising a valve control device may indicate a degree to which the valve control device is open (e.g., fully open, 40% open, fully closed, or the like).
- the physical state of an actuator device 146 configured to supply power to an electric motor may indicate an amount of power currently being supplied thereto (e.g., 100% power, 40% power, no power, wattage, and/or the like).
- the physical state metadata 240 may further comprise diagnostic information pertaining to the actuator device 146 , which may comprise a status of the actuator device 146 , a condition of the actuator device 146 , and/or the like.
- the physical state metadata 240 pertaining to an actuator device 146 may further comprise sensor data pertaining to the actuator device 146 and/or physical processes 150 coupled thereto, such as temperature, power draw, load, efficiency, and/or the like.
- the physical state metadata 240 may further comprise and/or characterize a physical state of computational components 130 on which one or more physical components 140 depend (e.g., computational components 130 that are tightly coupled to one or more physical components 140 , as disclosed herein).
- the physical state metadata 240 may be configured to characterize operation of the controller 132 of the CPCE 105 of FIG. 1A , such as a response time of the controller 132 to sensor data acquired by one or more of the sensor devices 144 A-N, a response time of a control function of the controller 132 (e.g., time between acquisition of sensor data and corresponding control operations), a latency for communication of control signal(s) to one or more actuator devices 146 A-N, and/or the like.
- the physical state metadata 240 may be further configured to define and/or characterize the state of one or more physical processes 150 and/or physical process attributes 152 .
- Physical state parameters 242 characterizing the state of a physical process 150 and/or physical process attribute 152 may comprise and/or correspond to a physical state of one or more components 102 operatively coupled thereto (e.g., the state of one or more sensor devices 144 A-N, actuator devices 146 A-N, computational components 130 , and/or the like).
- the physical state parameters 242 pertaining to a physical process 150 may include, but are not limited to: sensor data acquired by one or more sensor devices 144 A-N operatively coupled to the physical process 150 , characteristics of the acquired sensor data, physical operations implemented by one or more actuator devices 146 A-N operatively coupled to the physical process 150 , characteristics of the physical operations, and/or the like.
- the physical state parameters 242 pertaining to a physical process attribute 152 may include, but are not limited to: sensor data acquired by one or more sensor devices 144 A-N operatively coupled to the physical process attribute 152 , characteristics of the acquired sensor data, physical operations implemented by one or more actuator devices 146 A-N operatively coupled to the physical process attribute 152 , characteristics of the physical operations, and/or the like.
- physical state metadata 240 may be further configured to comprise, define, and/or characterize a physical state of respective CPCE 105 of the control system 101 .
- the physical state of a CPCE 105 refers to a physical state of cyber-physical components 102 of the CPCE 105 (e.g., a physical state of cyber-physical components 102 involved in the implementation of the CPCE 105 , as disclosed herein), a physical state of the PPV 155 of the CPCE 105 , and/or the like.
- the physical state of the CPCE 105 A illustrated in FIG. 1B may comprise and/or correspond to a physical state of one or more of the sensor devices 144 A-B and/or actuator devices 146 A-B.
- the physical state of the CPCE 105 A may further comprise and/or correspond to one or more of: a physical state of the PPV 155 A (e.g., the physical process 150 and/or physical process attributes 152 A-B), a physical state of the controller 132 , and/or the like, as disclosed herein.
- the RS agent 110 may be communicatively coupled to cyber-physical state metadata 111 acquired by, inter alia, a state acquisition component 210 .
- the state acquisition component 210 may comprise any suitable means for acquiring cyber-physical state metadata 111 , as disclosed herein.
- the state acquisition component 210 may comprise a computational component 130 and/or computer-readable instructions stored on a non-transitory storage medium, the instructions configured to cause the computational component 130 to acquire and/or maintain cyber-physical state metadata 111 , as disclosed herein.
- the state acquisition component 210 may comprise one or more of a state monitor, state estimator, a state observer, and/or the like.
- the RS agent 110 is configured to acquire the cyber-physical state of the control system 101 (and/or respective CPCE 105 thereof), which may comprise: determining, estimating, and/or acquiring and/or maintaining cyber-physical state metadata 111 pertaining to the control system 101 (and/or respective CPCE 105 thereof).
- the RS agent 110 may be configured to determine, estimate, and/or otherwise acquire: a cyber state of the control system 101 (e.g., cyber state metadata 220 ), a physical state of the control system 101 (e.g., physical state metadata 240 ), and/or the like.
- the RS agent 110 may be configured to acquire information pertaining to a cyber and/or physical state of the control system 101 by, inter alia, requesting cyber and/or physical state information from respective cyber-physical components 102 of the control system 101 , monitoring cyber-physical components 102 of the control system 101 , monitoring message(s) communicated on the CS network 122 (e.g., message sniffing, message sampling, packet inspection, deep packet inspection, and/or the like), monitoring sensor data communicated to computational components 130 of the control system 101 (from one or more physical components 140 ), monitoring control signals communicated from computational components 130 of the control system 101 (to one or more physical components 140 ), and/or the like.
- the RS agent 110 may be further configured to determine and/or estimate the cyber and/or physical state of the control system 101 by use of the acquired information.
- the RS agent 110 (and/or state acquisition component 210 ) may be configured to maintain and/or determine one or more cyber-physical state signatures 118 .
- a “cyber-physical state signature” (CPSS) 118 refers to a signature configured to comprise, characterize, validate, authenticate, correspond to, and/or be derived from the cyber and/or physical state of a cyber-physical system 100 (and/or a portion thereof), such as the control system 101 , as disclosed herein.
- a CPSS 118 may comprise a signature configured to comprise, characterize, validate, authenticate, correspond to, and/or be derived from cyber-physical state metadata 111 of the control system 101 (and/or portion(s) thereof).
- a CPSS 118 may comprise and/or refer to one or more of: a cyber state signature 228 , a physical state signature 248 , and/or the like.
- a cyber state signature 228 refers to a CPSS 118 configured to comprise, characterize, validate, authenticate, correspond to, and/or be derived from cyber state metadata 220 of the control system 101 (and/or portion(s) thereof).
- a physical state signature 248 refers to a CPSS 118 configured to comprise, characterize, validate, authenticate, correspond to, and/or be derived from physical state metadata 240 of the control system 101 (and/or portion(s) thereof).
- a CPSS 118 may be generated by, inter alia, applying a signature generating function to selected portions of the cyber-physical state metadata 111 .
- the signature generating function may comprise any suitable means for generating a signature, including but not limited to: a cryptographic signature function, a non-cryptographic signature function, a checksum, a hash function, a cryptographic hash function, a non-cryptographic hash function, a piecewise hash function, a Context Triggered Piecewise Hash (CTPH) function, a fuzzy hash function, a Nilsimsa hash function, and/or the like.
- Deriving a CPSS 118 may comprise: serializing the cyber-physical state metadata 111 and/or selected portion(s) thereof (e.g., serializing data structure(s) comprising the cyber-physical state metadata 111 , cyber state metadata 220 , physical state metadata 240 , selected portion(s) thereof, and/or the like), and applying a signature generation function to the serialized data.
- Generating a cyber state signature 228 may comprise: serializing the cyber state metadata 220 and/or portion(s) thereof, and applying a signature generation function to the serialized data.
- Generating a physical state signature 248 may comprise: serializing the physical state metadata 240 and/or portion(s) thereof, and applying a signature generation function to the serialized data.
- the RS agent 110 may be configured to generate CPSS 118 in accordance with a signature schema 116 (disclosed in further detail herein), such that portions of a CPSS 118 may be correlated to particular portions of the cyber-physical state metadata 111 (and/or other CPSS 118 ).
- the RS agent 110 may be configured to generate CPSS 118 in accordance with a CTPH signature generating function, which may comprise: A) initializing a rolling hash function and a non-rolling hash function, B) feeding the serialized data to each of the rolling hash function and the non-rolling hash function, C) in response to the rolling hash function producing a predetermined trigger value: recording at least a portion of the current state of the non-rolling hash function in the signature output, and continuing back at (A).
- the rolling hash function r comprises x, y, z, c, and window parameters, wherein x, y, z, and c are initialized to zero; window is an array of N values (each initialized to zero); and the rolling hash is updated in response to a byte d, in accordance with the following pseudo code:
- the non-rolling hash function may comprise any suitable means for computing a non-rolling hash value including, but not limited to: a cryptographic hash function, a non-cryptographic hash function, and/or the like.
- the non-rolling hash function may comprise one or more of an MD5 hash function, a Fowler-Noll-Vo (FNV) hash function, and/or the like.
- the trigger of the rolling hash function may correspond to a size and/or organization of the cyber-physical state metadata 111 , the cyber-physical topology 115 , a signature schema 116 (disclosed in further detail herein), and/or the like.
- the RS agent 110 may be further configured to derive a CPSS 118 (state sig) from cyber and/or physical state metadata (state metadata) at each of two block sizes b and b*2, in accordance with the following pseudo code:
- CPSS 118 may correspond to respective portions of the control system 101 .
- the RS agent 110 may comprise and/or maintain a plurality of CPSS 118 , each CPSS 118 corresponding to a cyber and/or physical state of a respective portion(s) of the control system 101 (and/or respective portion of the cyber-physical state metadata 111 ).
- portion(s) of a CPSS 118 may correspond to portion(s) of the control system 101 (and/or portion(s) of the cyber-physical state metadata 111 ).
- the RS agent 110 may be configured to generate and/or manage CPSS 118 in accordance with a signature schema 116 .
- a signature schema 116 refers to means by which CPSS 118 may be correlated with respective portions of the control system 101 (e.g., particular cyber-physical components 102 , CPCE 105 , CPC paths 108 , CPCE sections 109 , and/or the like), portions of the cyber-physical state metadata 111 , and/or other CPSS 118 .
- the cyber-physical topology 115 may, therefore, comprise and/or correspond to the signature schema 116 .
- the signature schema 116 may define a scheme by which CPSS 118 are generated from cyber-physical state metadata 111 .
- the signature schema 116 may specify cyber-physical state metadata 111 to incorporate into one or more CPSS 118 , determine a manner in which the specified cyber-physical state metadata 111 are serialized, specify a configuration of the signature generation function by which the CPSS 118 are derived from the serialized data, and/or the like.
- the signature schema 116 may be configured to correlate particular CPSS 118 (and/or portions thereof) with the cyber-physical state metadata 111 from which the particular CPSS 118 were derived.
- the signature schema 116 may be further configured to correlate CPSS 118 (and/or portions thereof) with portions of the control system 101 (e.g., portions of the control system 101 corresponding to the cyber-physical state metadata 111 from which the CPSS 118 were derived).
- the signature schema 116 may be configured to correlate CPSS 118 by, inter alia, identifying the cyber-physical state metadata 111 from which respective CPSS 118 were derived, and correlating the identified cyber-physical state metadata 111 to the cyber-physical components 102 , CPCE 105 , CPC paths 108 , and/or CPCE sections 109 characterized thereby.
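The CTPH steps (A) to (C) and the derivation at block sizes b and b*2 described above, applied per region the way a signature schema 116 correlates CPSS 118 with portions of the control system 101 , as an added Python example; it is not the patent's pseudo code, which this page does not reproduce. The spamsum-style update rule, window size N = 7, FNV-1 piece hash, base64 output alphabet, JSON serialization, and every sample value and helper name are assumptions.

```python
import json

WINDOW_N = 7             # rolling window size N (assumed; the page leaves N open)
FNV_INIT = 0x811C9DC5    # 32-bit FNV offset basis
FNV_PRIME = 0x01000193   # 32-bit FNV prime
MASK = 0xFFFFFFFF
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


class RollingHash:
    """Rolling hash r with parameters x, y, z, c and window, all starting at zero."""

    def __init__(self):
        self.x = self.y = self.z = self.c = 0
        self.window = [0] * WINDOW_N

    def update(self, d):
        # Assumed spamsum-style update for one input byte d.
        self.y = (self.y - self.x + WINDOW_N * d) & MASK       # position-weighted sum
        self.x = (self.x + d - self.window[self.c % WINDOW_N]) & MASK  # window sum
        self.window[self.c % WINDOW_N] = d
        self.c += 1
        self.z = ((self.z << 5) & MASK) ^ d                    # shift-xor mix
        return (self.x + self.y + self.z) & MASK


def ctph(data, b):
    """Return one output character per piece; a piece ends when the trigger fires."""
    out = []
    roll, h, pending = RollingHash(), FNV_INIT, False          # (A) initialize both
    for d in data:
        r = roll.update(d)                                     # (B) feed rolling hash
        h = ((h * FNV_PRIME) & MASK) ^ d                       # (B) feed FNV-1 hash
        pending = True
        if r % b == b - 1:                                     # (C) trigger value
            out.append(B64[h % 64])                            # record part of state
            roll, h, pending = RollingHash(), FNV_INIT, False  # continue at (A)
    if pending:                                                # bytes after last trigger
        out.append(B64[h % 64])
    return "".join(out)


def serialize(metadata):
    # Canonical form so equal state always yields equal bytes (assumed format).
    return json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()


def state_sig(metadata, b=4):
    """Derive a signature at block sizes b and b*2, formatted 'b:sig_b:sig_2b'."""
    data = serialize(metadata)
    return f"{b}:{ctph(data, b)}:{ctph(data, b * 2)}"


def cpss_by_region(state, schema, b=4):
    """Schema maps a region name to the metadata keys its signature covers."""
    return {region: state_sig({k: state[k] for k in keys}, b)
            for region, keys in schema.items()}


def changed_regions(baseline, current):
    """Regions whose signature no longer matches the baseline."""
    return sorted(r for r in baseline if baseline[r] != current.get(r))


# Constructed sample state for three components of one control element.
SCHEMA = {
    "cyber_node_124A": ["node_124A"],
    "sensor_144A": ["sensor_144A"],
    "actuator_146B": ["actuator_146B"],
}
BASELINE = {
    "node_124A": {"mean_latency_ms": 4.2, "mean_msg_size": 128, "msg_sources": 3},
    "sensor_144A": {"max": 71.5, "mean": 68.9, "min": 66.0, "status": "ok"},
    "actuator_146B": {"power_pct": 40, "status": "ok", "valve_open_pct": 40},
}

if __name__ == "__main__":
    for region, sig in cpss_by_region(BASELINE, SCHEMA).items():
        print(region, sig)
```

Because each region is signed separately, a mismatch against the baseline names the component whose state moved rather than only reporting that something changed.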
- FIG. 3A illustrates embodiments of data structure(s) comprising embodiments of cyber-physical state metadata 111 and/or signature schema 116 , as disclosed herein.
- the cyber-physical state metadata 111 of the FIG. 3A embodiment may correspond to the cyber-physical topology 115 illustrated in FIG. 1B .
- the cyber-physical state metadata 111 illustrated in FIG. 3A may comprise, define, and/or characterize a cyber and/or physical state of CPCE 105 A (cyber-physical state metadata 111 pertaining to other portions of the control system 101 , such as CPCE 105 N are omitted to avoid obscuring details of the disclosed embodiments).
- the cyber-physical state metadata 111 may comprise cyber state metadata 220 and physical state metadata 240 , as disclosed herein.
- the cyber state metadata 220 may comprise, define, and/or characterize a cyber state of the CPCE 105 A (e.g., a state of the cyber section 129 A of CPCE 105 A).
- the cyber state metadata 220 may comprise information pertaining to a state of respective cyber regions of the control system 101 .
- a “cyber region” refers to particular cyber components 120 (e.g., cyber nodes 124 ), CPCE 105 , CPE paths 108 , CPCE sections 109 , cyber paths 126 , and/or the like.
- the cyber state metadata 220 may comprise information pertaining to a state of the cyber section 129 A of CPCE 105 A.
- the cyber state metadata 220 A may comprise, define, and/or characterize a state of cyber communication at cyber node 124 A (e.g., at the controller 132 ) by use of any suitable information, as disclosed herein.
- the cyber state metadata 220 A may comprise cyber state parameters 212 , which may comprise and/or correspond to statistical characteristics of cyber communication at cyber node 124 A, as disclosed herein (e.g., time between packets, packet latency, number of packets per destination, and/or the like).
- the cyber state parameters 212 of the cyber state metadata 220 A may further comprise information pertaining to acquisition of the cyber state metadata 220 A (e.g., may indicate an age of the cyber state metadata 220 A, particular cyber state parameters 212 , and/or the like).
- the cyber state metadata 220 B-E may comprise, define, and/or characterize a state of cyber communication at cyber nodes 124 B-E, respectively (individual cyber state parameters 212 of 220 B-E not shown in FIG. 1B to avoid obscuring details of the illustrated embodiments).
- the cyber state metadata 220 may be configured to maintain information pertaining to a state of cyber regions comprising a plurality of cyber components 120 (and/or cyber nodes 124 ), such as information pertaining to particular cyber paths 126 , CPCE cyber sections 129 , and/or the like.
- the cyber state metadata 220 F may comprise, define, and/or characterize a state of cyber communication between the controller 132 and sensor device 144 B and, as such, may comprise cyber state parameters 212 as disclosed above and/or cyber state parameters 212 pertaining to packet speed, data speed, and/or latency for cyber communication therebetween (e.g., a state of cyber paths 126 comprising cyber nodes 124 A, 124 B, and/or 124 C).
- the cyber state metadata 220 G may comprise information pertaining to cyber communication between the controller and sensor device 144 A (e.g., cyber paths 126 comprising cyber nodes 124 A, 124 B, 124 C, and/or 124 D).
- Cyber state metadata 220 H may comprise information pertaining to cyber communication between the controller 132 and actuator devices 146 A-B (e.g., cyber paths 126 comprising cyber nodes 124 A and 124 E), and so on.
- the cyber state metadata 220 I may comprise information pertaining to the state of the cyber section 129 A of CPCE 105 A, including the respective cyber nodes 124 A-E and/or respective cyber paths 126 coupling the controller 132 to respective physical components 140 (e.g., sensor devices 144 A-B and actuator devices 146 A-B).
- cyber state metadata 220 Z may comprise information pertaining to a cyber state of the control system 101 , including the cyber state of the CS network 122 , respective CPCE 105 , CPCE paths 108 , cyber sections 129 , the CS network 122 , and/or the like.
- the physical state metadata 240 illustrated in FIG. 3A may comprise, define, and/or characterize the state of, inter alia, the physical control section 149 A of CPCE 105 A (e.g., the physical state of cyber-physical components 102 of the physical control section 149 A, such as the sensor devices 144 A-B, actuator devices 146 A-B, and/or the like).
- the physical state metadata 240 A may comprise, define, and/or characterize a physical state of the sensor device 144 A by use of any suitable physical state information, as disclosed herein.
- the physical state metadata 240 A may comprise physical state parameters 242 , which may comprise and/or correspond to one or more of: sensor data acquired by the sensor device 144 A, a distribution of the acquired sensor data (e.g., an average, mean, maximum, minimum, and/or deviation of the acquired sensor data), a configuration of the sensor device 144 A (e.g., sensor acquisition frequency), and/or the like.
- the physical state metadata 240 A may further comprise acquisition parameters 242 , which may comprise information pertaining to the acquisition of the physical state metadata 240 A (and/or respective physical parameters 242 thereof), as disclosed herein.
- the physical state metadata 240 B may comprise, define, and/or characterize a physical state of the sensor device 144 B.
- the physical state metadata 240 B may comprise a plurality of physical state parameters 242 , as disclosed above (individual physical state parameters 242 not shown to avoid obscuring details of the disclosed embodiments).
- the physical state metadata 240 C may comprise, define, and/or characterize a state of the actuator device 146 A by use of any suitable physical state information, as disclosed herein.
- the physical state metadata 240 C may comprise physical state parameters 242 , which may comprise and/or correspond to one or more of: an actuation status of the actuator device 144 A (e.g., a status and/or state of physical operations implemented by the actuator device 144 A), actuator data, and/or the like.
- the actuator data may comprise information pertaining to the actuator device 144 A, such as a configuration of the actuator device 144 A, a temperature of the actuator device 144 A, a load on the actuator device 144 A, diagnostics, and/or the like.
- the physical state metadata 240 B may comprise, define, and/or characterize a physical state of actuator device 146 B.
- the physical state metadata 240 D may comprise a plurality of physical state parameters 242 , as disclosed above (individual physical state parameters 242 not shown to avoid obscuring details of the disclosed embodiments).
- the physical state metadata 240 may further comprise physical state metadata 240 E, which may comprise, define, and/or characterize a physical state of computational components 130 of the CPCE 105 A (e.g., a physical state of the controller 132 ).
- the physical state metadata 240 E may comprise any suitable information pertaining to the physical state of the controller 132 , including physical state parameters 242 comprising and/or corresponding to one or more of: the control function implemented by the controller 132 (e.g., parameters of the control function, a target for the physical process attribute 152 A, and/or the like), an input state of the controller 132 (e.g., a state of input data received at the controller 132 , which may comprise and/or correspond to sensor data communicated to the controller 132 from the sensor device 144 A), an output state of the controller 132 (e.g., control directives and/or signals output by the controller 132 to the actuator device 144 A), a computational latency of the controller 132 (e.g., time required to perform computational and/or control operations), and/or the like.
- the physical state metadata 240 may further comprise information pertaining to a physical state of respective physical control regions.
- a “physical control region” refers to particular computational components 130 , physical components 140 , and/or PPV 155 (e.g., computational and/or physical components 130 / 140 of respective CPCE 105 , CPC paths 108 , physical control sections 149 , and/or the like).
- the physical state metadata 240 F may be configured to characterize a state of physical control section 149 A and, as such, may comprise and/or correspond to physical state metadata 240 A-E.
- the physical state metadata 240 Z may be configured to characterize a physical state of the control system 101 and, as such, may comprise and/or correspond to physical state information pertaining to substantially all of the physical and/or computational components 140 / 130 of the control system, respective CPCE 105 , CPCE paths 108 , physical couplings 148 , physical control sections 149 , and/or PPV 155 of the control system 101 .
- the physical state metadata 220 may further comprise information pertaining to physical control couplings 148 and/or physical control sections 149 of respective CPCE 105 .
- FIG. 3A illustrates embodiments of physical control metadata 249 pertaining to the physical control section 149 A of CPCE 105 A.
- the physical control metadata 249 is organized with physical state metadata 240 E pertaining to the controller 132 of CPE 105 A.
- the disclosure is not limited in this regard, however, and could be configured to maintain physical control metadata 249 in any suitable means, location, and/or data structure.
- physical control metadata 249 refers to information pertaining to the control of particular PPV 155 by particular computational and/or physical components 130 / 140 .
- Physical control metadata 249 may comprise a physical control model configured to, inter alia, correlate a state of a PPV 155 with control inputs and/or outputs.
- Physical control metadata 249 may comprise a mathematical model by which the state of actuator devices 146 coupled to the PPV 155 may be correlated with the state of sensor devices 144 coupled to the PPV 155 (and vice versa).
- Physical control metadata 249 may correspond to control function(s) pertaining to the PPV 155 (e.g., may correspond to the transfer function and/or other control model by which a controller 132 determines control outputs for one or more actuator devices 146 in response to control inputs and/or feedback pertaining to the PPV 155 , received from the sensor and/or actuator devices 144 / 146 ).
- Physical control metadata 249 may provide for verifying a state of a physical control coupling 148 , which may comprise determining whether the physical state of the PPV 155 as indicated by the sensor device(s) 144 coupled thereto is consistent with the physical state of the PPV 155 as indicated by the actuator device(s) 146 coupled thereto (and vice versa).
- the PPV 155 of a physical control coupling 148 may comprise a motor.
- Sensor devices 144 coupled to the motor may indicate an amount of mechanical power being output by the motor (e.g., may indicate a speed of the motor in rotations per minute (RPM), load on the motor, torque, and/or the like).
- An actuator device 146 coupled to the motor may selectively couple the motor to an electrical power source and, as such, the state of the actuator device 146 may indicate an amount of power being supplied to the motor.
- the physical control metadata 249 may indicate that the output power of the motor (as indicated by the sensor devices 144 ) should be within a specified range of the input power (as indicated by the state of the actuator device 146 ). Inconsistencies may indicate compromise of one or more of the computational and/or physical components 140 (one or more of the controller 132 , sensor and/or actuator devices 144 / 146 ), failure of one or more of the physical components 140 (and/or the PPV 155 itself), and/or the like.
- the PPV 155 of a physical control coupling 148 may comprise a protective relay configured to, inter alia, control branch breakers coupled to one or more generators, one or more loads, and/or the like.
- the state of the sensor and/or actuator devices 144 / 146 may indicate whether generators and/or loads are in phase with one another, whether one or more of the branches is experiencing a fault (e.g., a ground fault, phase-to-phase fault), and/or the like.
- the physical control metadata 249 may indicate whether the state of the PPV 155 is consistent with the control functions thereof (e.g., may model the protection function implemented by the corresponding controller, which may indicate that out-of-phase conditions return to stability within threshold period(s) of time, grounded branches are tripped within threshold period(s) of time, and/or the like).
- generating CPSS 118 in accordance with the signature schema 116 may comprise generating CPSS 118 corresponding to particular regions of the control system 101 (e.g., cyber-physical components 102 , CPCE 105 , CPC paths 108 , CPCE sections 109 , and/or the like).
- Generating a CPSS 118 corresponding to particular cyber-physical components 102 of the control system 101 may comprise: identifying portion(s) of the cyber-physical state metadata 111 pertaining to the particular cyber-physical components 102 , and deriving a CPSS 118 from the identified cyber-physical state metadata 111 , as disclosed herein.
- Generating a CPSS 118 corresponding to a particular CPCE 105 may comprise: identifying portion(s) of the cyber-physical state metadata 111 pertaining to the cyber-physical state of the CPCE 105 (e.g., identifying portion(s) of the cyber-physical state metadata 111 pertaining to cyber-physical components 102 within one or more CPCE sections 109 ), and deriving a CPSS 118 from the identified cyber-physical state metadata 111 , as disclosed herein.
- the RS agent 110 may be further configured to generate CPSS 118 corresponding to particular CPC paths 108 .
- Generating a CPSS 118 corresponding to a particular CPC path 108 may comprise: identifying portion(s) of the cyber-physical state metadata 111 pertaining to cyber-physical components 102 included in the CPC path 108 , and deriving a CPSS 118 from the identified cyber-physical state metadata 111 , as disclosed herein.
- the signature schema 116 may be configured to correlate CPSS 118 with the portion(s) of the cyber-physical state metadata 111 from which the CPSS 118 were derived.
- the signature schema 116 may be further configured to correlate CPSS 118 with particular cyber-physical components 102 , CPCE 105 , CPC paths 108 , CPCE sections 109 , and/or the like.
- the RS agent 110 may be further configured to generate cyber state signatures 228 in accordance with the signature schema 116 , as disclosed herein.
- Generating cyber state signatures 228 in accordance with the signature schema 116 may comprise generating cyber state signatures 228 corresponding to selected portions of the cyber state metadata 220 (e.g., portions of the cyber state metadata 220 corresponding to selected cyber-physical components 102 , CPCE 105 , CPC paths 108 , CPCE sections 109 , and/or the like), and correlating the selected portions of the cyber state metadata 220 with respective cyber state signatures 228 (and/or portions of the cyber state signatures 228 ) derived therefrom.
- the signature schema 116 may, therefore, provide for correlating cyber state signatures 228 with particular portions of the cyber state metadata 220 and/or particular portions of the control system 101 .
- physical state signatures 248 may be derived in accordance with the signature schema 116 , as disclosed herein. Generating physical state signatures 248 in accordance with the signature schema 116 may comprise generating physical state signatures 248 corresponding to selected portions of the physical state metadata 240 (e.g., portions of the physical state metadata 240 corresponding to selected cyber-physical components 102 , CPCE 105 , CPC paths 108 , CPCE sections 109 , and/or the like), and correlating the selected portions of the physical state metadata 240 with respective physical state signatures 248 (and/or portions of the physical state signatures 248 ) derived therefrom.
- the signature schema 116 may, therefore, provide for correlating physical signatures 248 with particular portions of the physical state metadata 240 and/or particular portions of the control system 101 .
- FIG. 3A depicts embodiments of a signature schema 116 , as disclosed herein.
- the signature schema 116 of FIG. 3A may correspond to the cyber-physical topology 115 of FIG. 1B and, in particular, to a cyber-physical topology of the CPCE 105 A.
- the signature schema 116 illustrated in FIG. 3A may define cyber state signatures 228 corresponding to the cyber section 129 A of the CPCE 105 A.
- the signature schema 116 may define a cyber state signature 228 A, which may be derived from cyber state metadata 220 A and, as such, may correspond to a cyber state of the controller 132 (e.g., a state of cyber communication at cyber node 124 A).
- the signature schema 116 may further define cyber state signatures 228 B-E, which may be derived from cyber state metadata 220 B-E, respectively and, as such, may correspond to a state of cyber communication at respective cyber nodes 124 B-E of cyber section 129 A.
- the signature schema 116 may define cyber state signatures 228 corresponding to cyber regions comprising a plurality of cyber components 120 (and/or cyber nodes 124 ), such as information pertaining to particular cyber paths 126 , CPCE cyber sections 129 , and/or the like.
- the cyber state signature 228 F may be configured to characterize cyber paths 126 between the controller 132 and sensor device 144 B and, as such, may be derived from cyber state metadata 220 A-C and/or 220 F.
- the signature schema 116 may further define a cyber state signature 228 G, which may be configured to characterize cyber communication between the controller 132 and sensor devices 144 A and, as such, may be derived from cyber state metadata 220 A-D and/or 220 G.
- the signature schema 116 may further define a cyber state signature 228 H, which may be configured to characterize cyber communication between the controller 132 and actuator devices 146 A-B and, as such, may be derived from cyber state metadata 220 A, 220 E, and/or 220 H.
- the signature schema 116 may further define a cyber state signature 228 I, which may be configured to characterize a state of the cyber section 129 A and, as such, may be derived from one or more of cyber state metadata 220 A-H.
- the signature schema 116 may further define a cyber state signature 228 Z, which may be configured to characterize a cyber state of the control system 101 (e.g., the CS network 122 ) and, as such, may be derived from substantially all of the cyber state metadata 220 .
- the signature schema 116 may define other cyber state signatures 228 corresponding to other portions of the control system 101 , other CPCE 105 B-N, and/or the like (not shown in FIG. 3A to avoid obscuring details of the illustrated embodiments).
- the signature schema 116 may be further configured to define physical state signatures 248 , which may be derived from specified portion(s) of the physical state metadata 240 and, as such, may characterize a physical state of respective: cyber-physical components 102 , respective CPCE 105 , respective CPC paths 108 , respective CPCE sections 109 , and/or the like.
- the signature schema 116 may be configured to define physical state signatures 248 corresponding to the CPCE 105 A illustrated in FIG. 1B .
- the signature schema 116 may define physical state signatures 248 A-D, which may be derived from respective physical state metadata 240 A-D and, as such, may correspond to a physical state of respective sensor/actuator devices 144 A-B/ 146 A-B of the physical control section 149 A of CPCE 105 A.
- the signature schema 116 may further define a physical state signature 248 pertaining to the controller 132 (derived from physical state metadata 240 E).
- the signature schema 116 may further define signature schemas pertaining to the PPV 155 A of CPCE 105 A, such as a physical state signature 248 F corresponding to the physical state of the sensor/actuator devices 144 A-B/ 146 A-B coupled to physical process attributes 152 A-B (derived from physical state metadata 240 A-D).
- the signature schema 116 may further define a physical state signature 248 G, which may correspond to the physical state of the physical control section 149 A of CPCE 105 A, including a physical state of the computational components 130 thereof (e.g., a physical state of the controller 132 and the sensor/actuator devices 144 A-B/ 146 A-B, derived from physical state metadata 240 A-E and/or 240 F).
- the signature schema 116 may further define a physical state signature 248 N, which may be derived from substantially all of the physical state metadata 240 (e.g., physical state metadata 240 A-N) and, as such, may correspond to a physical state of the control system 101 .
- the signature schema 116 may define other physical signatures 248 corresponding to other portions of the control system 101 , other CPCE 105 , and/or the like (not shown in FIG. 3A to avoid obscuring details of the illustrated embodiments).
- the signature schema 116 may define relationships between respective CPSS 118 .
- the relationships may correspond to the cyber-physical state metadata 111 from which respective CPSS 118 were derived.
- the relationships may be established by, inter alia, generating CPSS 118 in accordance with the signature schema 116 and/or by configuring the signature generating function in accordance with the signature schema 116 .
- the signature generating function may comprise a context triggered and/or piecewise signature generating function (e.g., a CTPH and/or fuzzy hash function), which may be configured to generate a sequence of signature values in response to input data (and/or trigger(s) detected therein).
- the RS agent 110 may generate CPSS 118 , such that respective portions and/or sequences thereof correspond to respective portions of the cyber-physical state metadata 111 (e.g., respective cyber state metadata 220 A-N, physical state metadata 240 A-N, and/or the like).
- the RS agent 110 and/or signature schema 116 may be configured to map portions of a CPSS 118 to respective cyber-physical state metadata 111 , portions of the control system 101 , and/or one or more other CPSS 118 . As illustrated in FIG. 3B , the RS agent 110 and/or signature schema 116 may define mappings between the cyber state signatures 228 A-N and/or physical state signatures 248 A-N illustrated in FIG. 3A .
- the signature schema 116 may indicate that the cyber state signature 228 N is derived from substantially all of the cyber state metadata 220 (e.g., cyber state metadata 220 A-N) and, as such, covers, encompasses, and/or comprises each of the cyber state signatures 228 A-I.
- the signature schema 116 may identify portions and/or sequences within the cyber state signature 228 N that comprise and/or correspond to respective cyber state signatures 228 A-I (and vice versa). As illustrated in FIG. 3B , the signature schema 116 may indicate that a first portion of the cyber state signature 228 N comprises cyber state signature 228 A, a second portion comprises cyber state signature 228 B, and so on, with a fifth portion comprising cyber state signature 228 E. The signature schema 116 may further define mappings between respective cyber state signatures 228 A-I.
- the signature schema 116 may indicate that cyber state signature 228 F comprises cyber state signatures 228 A-C, cyber state signature 228 G comprises cyber state signatures 228 A-D, cyber state signature 228 H comprises cyber state signatures 228 A and 228 E, cyber state signature 228 I comprises cyber state signatures 228 A-H, and so on.
- the RS agent 110 and/or signature schema 116 may be further configured to define mappings between the physical state signatures 248 A-N of FIG. 3A .
- the signature schema 116 may indicate that the physical state signature 248 N is derived from substantially all of the physical state metadata 240 (e.g., physical state metadata 240 A-N) and, as such, covers, encompasses, and/or comprises respective physical state signatures 248 A-G, and may indicate portions and/or sequences within the physical state signature 248 N that comprise the respective physical state signatures 248 A-G (and vice versa).
- the signature schema 116 may indicate that a first portion of the physical state signature 248 N comprises physical state signature 248 A, a second portion comprises physical state signature 248 B, and so on, with a fifth portion comprising physical state signature 248 E.
- the signature schema 116 may further define mappings between respective physical state signatures 248 A-G.
- the signature schema 116 may indicate that physical state signature 248 F comprises physical state signatures 248 A-D, physical state signature 248 G comprises physical state signatures 248 A-E, and so on.
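The portion-to-metadata mapping described above can be exercised as follows. This is an added example, not code from the patent: it substitutes a fixed-width truncated SHA-256 digest per portion for the CTPH/fuzzy hash function the text mentions, and the dictionary layout, parameter names and sample values are assumptions. It shows how a schema of this kind lets a difference in a path-level signature (228F, 228G) be traced back to the metadata portion, and hence the cyber node, that changed.

```python
import hashlib
import json

# Constructed sample cyber state metadata. Keys reuse the page's labels
# (220A-E); the parameter names and values are illustrative assumptions.
BASELINE_METADATA = {
    "220A": {"node": "124A", "mean_gap_ms": 20, "pkts_per_dest": {"124B": 500, "124E": 250}},
    "220B": {"node": "124B", "mean_gap_ms": 20, "pkts_per_dest": {"124A": 500, "124C": 500}},
    "220C": {"node": "124C", "mean_gap_ms": 20, "pkts_per_dest": {"124B": 500, "124D": 250}},
    "220D": {"node": "124D", "mean_gap_ms": 40, "pkts_per_dest": {"124C": 250}},
    "220E": {"node": "124E", "mean_gap_ms": 40, "pkts_per_dest": {"124A": 250}},
}

# Hypothetical encoding of the signature schema: each signature lists, in
# order, the metadata portions it is derived from (per the FIG. 3A/3B text).
SIGNATURE_SCHEMA = {
    "228A": ["220A"], "228B": ["220B"], "228C": ["220C"],
    "228D": ["220D"], "228E": ["220E"],
    "228F": ["220A", "220B", "220C"],          # controller <-> sensor 144B path
    "228G": ["220A", "220B", "220C", "220D"],  # controller <-> sensor 144A path
    "228H": ["220A", "220E"],                  # controller <-> actuators 146A-B
}

PIECE_LEN = 8  # hex characters per signature portion


def serialize(portion):
    """Canonical serialization so equal state always yields equal bytes."""
    return json.dumps(portion, sort_keys=True, separators=(",", ":")).encode()


def piece(portion):
    """One fixed-width signature portion (truncated SHA-256, not a CTPH)."""
    return hashlib.sha256(serialize(portion)).hexdigest()[:PIECE_LEN]


def generate_signature(sig_id, metadata):
    """Concatenate one portion per metadata entry, in schema order."""
    return "".join(piece(metadata[m]) for m in SIGNATURE_SCHEMA[sig_id])


def portion_map(sig_id):
    """Map each (start, end) slice of a signature to its source metadata."""
    return {
        (i * PIECE_LEN, (i + 1) * PIECE_LEN): m
        for i, m in enumerate(SIGNATURE_SCHEMA[sig_id])
    }


def changed_portions(sig_id, baseline_sig, current_sig):
    """Return the metadata ids whose portion differs between two signatures."""
    if len(baseline_sig) != len(current_sig):
        raise ValueError("signatures were not generated under the same schema")
    return [
        m for (start, end), m in portion_map(sig_id).items()
        if baseline_sig[start:end] != current_sig[start:end]
    ]


def contains(outer_id, inner_id, outer_sig, inner_sig):
    """Check the schema's claim that outer_sig comprises inner_sig."""
    for (start, end), m in portion_map(outer_id).items():
        if SIGNATURE_SCHEMA[inner_id] == [m]:
            return outer_sig[start:end] == inner_sig
    return False


def localize(baseline, current):
    """Per signature, list which metadata portions changed."""
    report = {}
    for sig_id in SIGNATURE_SCHEMA:
        diff = changed_portions(
            sig_id,
            generate_signature(sig_id, baseline),
            generate_signature(sig_id, current),
        )
        if diff:
            report[sig_id] = diff
    return report


# Constructed "current" state: traffic seen at node 124C has shifted.
CURRENT_METADATA = json.loads(json.dumps(BASELINE_METADATA))
CURRENT_METADATA["220C"]["pkts_per_dest"]["124D"] = 900

if __name__ == "__main__":
    for sig_id, diff in localize(BASELINE_METADATA, CURRENT_METADATA).items():
        print(sig_id, "differs in portion(s) derived from", diff)
```

Signature 228H does not appear in the report because neither of its source portions (220A, 220E) changed, which is what lets the schema narrow an anomaly to the paths that traverse node 124C.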
- a cyber-physical attack may cause compromised components 102 to implement adversarial operations and/or inject adversarial signals into the control system 101 .
- a cyber-physical attack may result in one or more components 102 providing adversarial cyber-physical state information, resulting in an inaccurate or even adversarial estimation of the cyber-physical state of the control system 101 .
- the RS agent 110 may be configured to ensure that the cyber-physical state metadata 111 is valid by, inter alia, monitoring CPCE 105 of the control system 101 , each CPCE 105 comprising a cyber section 129 , a physical control section 149 , and/or the like, as disclosed herein.
- the RS agent 110 may be configured to: jointly acquire cyber and/or physical validation information, verify the integrity of the cyber-physical state of the control system 101 , and/or use the verified cyber-physical data to evaluate a cyber-physical health of the control system 101 .
- the RS agent 110 may jointly assess the cyber and physical state of the control system 101 , which may enable the RS agent 110 to detect cyber-physical attacks, including: attacks directed against particular components 102 of the control system 101 , attacks through the physical environment, attacks through the computational environment, and/or the like.
- the RS agent 110 may be configured to validate portions of the cyber-physical state metadata 111 and/or assess a cyber-physical health of the control system 101 .
- the RS agent 110 may be configured to communicate cyber-physical state keys (state keys 160 ) through CPCE 105 of the control system 101 , receive validation data 171 in response to communication of the state keys 160 , and generate validation keys 170 from the corresponding validation data 171 .
- the RS agent 110 may be further configured to validate a cyber-physical state of the control system 101 and/or determine a cyber-physical health of the control system 101 based on, inter alia, error introduced during communication of the state keys 160 through portions of the control system 101 .
- the RS agent 110 may be configured to generate state keys 160 comprising cyber-physical key data 162 .
- cyber-physical key data 162 may comprise any suitable information pertaining to a cyber-physical state of the control system 101 , as disclosed herein.
- the CPKD 162 of a state key 160 may correspond to a cyber-physical state of the control system 101 .
- the CPKD 162 may comprise, correspond to, and/or be derived from the cyber-physical state metadata 111 (and/or portion(s) thereof), which may include, but is not limited to: cyber-physical state parameters 112 , CPSS 118 , cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , physical state metadata 240 , physical state parameters 242 , physical state signatures 248 , portion(s) thereof, and/or the like.
- generating the CPKD 162 for a state key 160 may comprise incorporating CPKD 162 of one or more previously generated state keys 160 .
- the CPKD 162 of a state key 160 may comprise cyber key data (a cyber seed and/or cyber seed data) and/or physical key data (a physical seed and/or physical seed data).
- the cyber key data may be derived from cyber state metadata 220 (and/or portion(s) thereof).
- the physical key data may be derived from physical state metadata 240 (and/or portion(s) thereof).
- the RS agent 110 may be further configured to communicate the state keys 160 through respective CPCE 105 of the control system 101 , acquire validation data 171 in response to the communicating, and generate corresponding validation keys 170 by use of the acquired validation data 171 .
- the validation keys 170 may comprise cyber-physical validation data (CPVD) 172 , which may correspond to the CPKD 162 of the corresponding state key 160 .
- the RS agent 110 may be configured to compare the validation keys 170 to corresponding state keys 160 , which may comprise comparing CPKD 162 of the state keys 160 to CPVD 172 of the corresponding validation keys 170 .
- the RS agent 110 may be configured to determine cyber-physical health metadata 180 pertaining to the cyber-physical system 100 based, inter alia, on the comparing.
- the RS agent 110 may be configured to generate state keys 160 by use of, inter alia, the cyber-physical state metadata 111 , as disclosed herein.
- the state keys 160 generated by the RS agent 110 may comprise respective identifiers, which may be configured to: distinguish the state keys 160 from other state keys 160 generated thereby, determine a temporal order of the state keys 160 , provide for associating validation data 171 received at the RS agent 110 with respective state keys 160 , provide for synchronizing the state keys 160 (and/or validation data 171 returned in response to the state keys 160 ), and/or the like.
- each state key 160 generated by the RS agent 110 may comprise one or more of an identifier, a unique identifier, a sequence number, a sequence identifier, a timestamp, synchronization data, and/or the like.
- each state key 160 may comprise CPKD 162 , as disclosed herein.
- the CPKD 162 may correspond to a current, acquired cyber-physical state of the control system 101 .
- the CPKD 162 of each state key 160 may, therefore, comprise, correspond to, and/or be derived from at least a portion of: the cyber state of the control system 101 (e.g., comprise at least a portion of the cyber state metadata 220 , one or more cyber state parameters 222 , one or more cyber state signatures 228 , and/or the like), and the physical state of the control system 101 (e.g., comprise at least a portion of the physical state metadata 240 , one or more physical state parameters 242 , one or more cyber state signatures 248 , and/or the like).
- the RS agent 110 may be configured to generate state keys 160 that comprise “corresponding” CPKD 162 .
- corresponding CPKD 162 refers to CPKD 162 that comprises, corresponds to, and/or is derived from a cyber and/or physical state of corresponding regions of the control system 101 .
- a region of a control system 101 may refer to one or more cyber-physical components 102 , CPCE 105 , CPC paths 108 , CPCE sections 109 , cyber nodes 124 , cyber paths 126 , PPV 155 , physical process couplings 148 , and/or the like.
- Cyber-physical state information that covers a region of the control system 101 may, therefore, refer to cyber-physical state information that comprises, defines, and/or characterizes a cyber and/or physical state of the region.
- Corresponding CPKD 162 may refer to CPKD 162 that comprises cyber state metadata 220 and physical state metadata 240 that cover corresponding regions of the control system 101.
- the RS agent 110 may be configured to generate CPKD 162 from cyber state information (e.g., cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 ) and physical state information (e.g., cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 ) that pertain to corresponding regions of the control system 101 .
- the RS agent 110 may be configured to generate state keys 160 comprising corresponding CPKD 162 by use of the cyber-physical topology 115 and/or signature schema 116 , as disclosed herein.
- the RS agent 110 may generate state keys 160 such that the CPKD 162 of respective state keys 160 comprise and/or correspond to a cyber state and physical state of corresponding portions of the control system 101 (e.g., portions that are operatively and/or communicatively coupled, are part of the same CPCE 105 , are on same CPC paths 108 , and/or the like).
- the RS agent 110 may incorporate cyber state information pertaining to particular cyber components 120 into the CPKD 162 of a state key 160 (e.g., a state of cyber communication at particular cyber nodes 124 ) and, in response, may incorporate physical state information pertaining to cyber-physical components 102 that are operatively and/or communicatively coupled to the particular cyber components 120 .
- the RS agent 110 may incorporate a physical state of particular physical components 140 into the CPKD 162 of a state key 160 (e.g., a physical state of particular sensor and/or actuator devices 144 / 146 ) and, in response, may incorporate cyber state information into the CPKD 162 corresponding to cyber-physical components 102 that are operatively and/or communicatively coupled to the particular physical components 140 .
- the RS agent 110 may be configured to generate state keys 160 comprising CPKD 162 that covers selected regions of the control system 101 .
- CPKD 162 that “covers” a particular region of the control system 101 refers to CPKD 162 that comprises, corresponds to, and/or is derived from cyber-physical state metadata 111 corresponding to the particular region, which may comprise and/or correspond to one or more CPCE 105 (and/or CPC paths 108 , CPCE sections 109 , and/or cyber-physical components 102 thereof).
- Generating CPKD 162 that covers a selected region of the control system 101 may comprise: identifying cyber-physical state metadata 111 that corresponds to the selected region, and generating the CPKD 162 by use of the identified cyber-physical state metadata 111 .
- Cyber-physical state metadata 111 that corresponds to a selected region of the control system 101 may be identified by use of the cyber-physical topology 115 and/or signature schema 116 , as disclosed herein.
- a CPKD 162 that covers a selected region of the control system may comprise and/or correspond to one or more of: cyber-physical state metadata 111, cyber-physical state parameters 112, CPSS 118, cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, physical state metadata 240, physical state parameters 242, physical state signatures 248, portion(s) thereof, and/or the like.
- the RS agent 110 may be configured to select regions of the control system 101 to be covered by the CPKD 162 of respective state keys 160 at any suitable granularity.
- the RS agent 110 may be configured to generate CPKD 162 configured to cover particular: cyber-physical components 102 , CPCE 105 , CPC paths 108 , CPCE sections 109 , cyber paths 126 , physical process couplings 148 , and/or the like.
- the RS agent 110 may be configured to select regions to be covered by the CPKD 162 of respective state keys 160 in accordance with any suitable selection mechanism, including, but not limited to: random selection, pseudorandom selection, a round-robin selection, an adaptive selection (to ensure adequate coverage of the control system 101), weighted selection (to increase monitoring of vulnerable and/or sensitive portions of the control system 101 by the CPKD 162), a deterministic selection (e.g., a selection in accordance with an isolation scheme, as disclosed in further detail herein), and/or the like.
- the RS agent 110 may be configured to communicate state keys 160 through the control system 101 .
- the RS agent 110 may be configured to communicate respective state keys 160 through regions of the control system 101 covered by the CPKD 162 thereof (e.g., through regions of the control system 101 covered by the CPKD 162 of the respective state keys 160 , as disclosed herein). Selecting regions of the control system 101 to be covered by CPKD 162 of respective state keys 160 may, therefore, comprise selecting regions of the control system 101 through which the respective state keys 160 are to be communicated.
- the RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101 that may, or may not, be selected in accordance with the regions of the control system 101 covered by the CPKD 162 thereof.
- communicating state keys 160 through the control system 101 may comprise the RS agent 110 parsing the state keys 160 into a plurality of fragments 161, transmitting each fragment 161 through respective CPC paths 108, and receiving validation data 171 in response to the communication.
- each state key fragment 161 may comprise a respective CPKD fragment 163 , which may comprise at least a portion of the cyber and/or physical state key data of the CPKD 162 of the corresponding state key 160 .
- each fragment 161 may further comprise a fragment identifier, which may be configured to: associate fragments 161 with respective state keys 160 (distinguish fragments 161 of respective state keys 160 and/or fragments 161 of other state keys 160 ), associate the fragments 161 with portion(s) of the state key 160 , provide for associating validation data 171 received at the RS agent 110 with the state key 160 and/or respective fragments 161 thereof (e.g., associate validation data 171 returned in response to communication of respective fragments 161 of the state key 160 ), provide for synchronizing the fragments 161 (and/or validation data 171 returned in response to the fragments 161 ), and/or the like.
- the RS agent 110 is configured to parse state keys 160 into a plurality of fragments 161 A-N, including a first fragment 161 A and a last fragment 161 N, each fragment 161 A-N comprising a respective fragment of the CPKD 162 (e.g., a respective CPKD fragment 163 A-N).
- the CPKD fragment 163 A of the first fragment 161 A may comprise and/or correspond to a cyber state of the control system 101
- the last fragment 161 N may comprise and/or correspond to a physical state of the control system 101
- the CPKD fragment 163 A may comprise portion(s) of the CPKD 162 pertaining to the cyber state of the region of the control system 101 covered by the CPKD 162
- the CPKD fragment 163 N may comprise portion(s) of the CPKD 162 pertaining to the physical state of the region.
- the CPKD fragments 163 A-N may comprise and/or correspond to portions of the CPKD 162 corresponding to the cyber and physical state of the control system 101 .
- the RS agent 110 may be configured to generate state key fragments 161 in accordance with a parsing schema 117 .
- the parsing schema 117 may correspond to the cyber-physical state metadata 111 , cyber-physical topology 115 , and/or signature schema 116 , as disclosed herein.
- the parsing schema 117 may define a schema by which CPKD 162 of respective state keys 160 may be parsed into a plurality of CPKD fragments 163 A-N, each CPKD fragment 163 A-N comprising and/or corresponding to cyber and/or physical key data covering at least a portion of the region covered by the CPKD 162 .
- the parsing schema 117 may provide for generating CPKD fragments 163 A-N that comprise cyber and/or physical state information configured to cover corresponding regions of the control system 101 (e.g., corresponding sub-regions of the region covered by the CPKD 162).
- the CPKD 162 of a state key 160 may be configured to cover selected regions of the control system 101 .
- the RS agent 110 may generate fragments 161 A-N of respective state keys 160 , such that each fragment 161 A-N comprises a CPKD fragment 163 A-N that comprises and/or is derived from corresponding cyber and/or physical state information, as disclosed herein.
- parsing a CPKD 162 of a state key 160 may comprise: generating a CPKD fragment 163 A for a first fragment 161 A of the state key 160 that comprises and/or corresponds to a cyber-physical state of a first portion of the region covered by the CPKD 162 ; and generating a CPKD fragment 163 N for a last fragment 161 N of the state key 160 that comprises and/or corresponds to a second portion of the region.
- the CPKD fragment 163 A may comprise cyber-physical state parameters 112 and/or CPSS 118 configured to characterize the cyber and/or physical state of the first portion of the region
- the CPKD fragment 163 N may comprise cyber-physical state parameters 112 and/or CPSS 118 configured to characterize the cyber and/or physical state of the second portion. Therefore, the CPKD fragment 163 A of the first state key fragment 161 A may cover the first portion of the region, and the CPKD fragment 163 N of the last state key fragment 161 N may cover the second portion of the region.
- the RS agent 110 may be configured to communicate state keys 160 through the control system 101 , which may comprise parsing the state keys 160 into a plurality of fragments 161 A-N, and communicating the respective fragments 161 A-N through the control system 101 .
- communicating the fragments 161 A-N of a state key 160 may comprise sending the fragments 161 A-N through the CS network 122 , receiving validation data 171 A-N returned in response to communication of the respective key fragments 161 A-N, and using the returned validation data 171 A-N to, inter alia, evaluate a cyber and/or physical health of the control system 101 , as disclosed herein.
- validation data 171 returned in response to communication of a state key fragment 161 may comprise a cyber-physical reproduction or copy thereof (e.g., validation data 171 A-N may comprise a cyber-physical reproduction of CPKD fragments 163 A-N, respectively).
- a “cyber-physical reproduction” or “cyber-physical copy” of data refers to a copy and/or reproduction of the data as communicated through a cyber-physical system 100 , such as the control system 101 .
- a cyber-physical reproduction of a CPKD fragment 163 A-N may comprise a copy and/or reproduction of the CPKD fragment 163 A-N as communicated through the control system 101 .
- the RS agent 110 may be configured to determine cyber-physical health metadata 180 pertaining to the control system 101 by, inter alia, comparing respective state keys 160 to validation data 171 A-N acquired in response to communication of respective fragments 161 A-N of the respective state keys 160 .
- the RS agent 110 may be configured to compare respective validation data 171 A-N to corresponding portions of the state key 160 (e.g., corresponding portions of the CPKD 162 of the state key 160 ).
- each state key fragment 161 A-N of the state key 160 may comprise a respective CPKD fragment 163 A-N, which may comprise one or more of: cyber-physical state metadata 111 , a cyber-physical state parameter 112 , a CPSS 118 , cyber state metadata 220 , a cyber state parameter 222 , a cyber state signature 228 , physical state metadata 240 , a physical state parameter 242 , a physical state signature 248 , portion(s) thereof, and/or the like.
- the validation data 171 acquired in response to communication of the state key fragment 161 may, therefore, comprise a cyber-physical reproduction of the CPKD fragment 163 thereof (e.g., a cyber-physical reproduction of the cyber-physical state metadata 111 , the cyber-physical state parameter 112 , the CPSS 118 , the cyber state metadata 220 , a cyber state parameter 222 , a cyber state signature 228 , physical state metadata 240 , a physical state parameter 242 , a physical state signature 248 , portion(s) thereof, and/or the like).
- the RS agent 110 may be configured to compare cyber-physical reproductions of respective CPKD fragments 163 A-N (of respective validation data 171 A-N) to corresponding CPKD fragments 161 A-N of the original state key 160 . As disclosed in further detail herein, the RS agent 110 may determine fragment errors 177 A-N configured to quantify an error, difference, and/or distance between respective CPKD fragments 163 A-N and corresponding cyber-physical reconstructions thereof (e.g., validation CPKD fragments 173 A-N, as communicated through respective CPC paths 108 of the control system 101 ).
- the RS agent 110 may be configured to generate a cyber-physical reconstruction of respective state keys 160 (validation keys 170 ) by use of the validation data 171 A-N returned in response to communication of respective fragments 161 A-N of the state keys 160 .
- a “cyber-physical reconstruction” of data, such as a state key 160, refers to data reconstructed from a plurality of cyber-physical reproductions, each cyber-physical reproduction corresponding to a respective portion of the data.
- the RS agent 110 may be configured to acquire validation data 171 A-N corresponding to each fragment 161 A-N of a state key 160 , and use the acquired validation data 171 A-N to generate a validation key 170 corresponding to the state key 160 .
- Acquiring the validation data 171 A-N may comprise the RS agent 110 receiving messages comprising the validation data 171 A-N through the CS network 122 (e.g., via one or more cyber paths 126 ).
- acquiring the validation data 171 A-N may comprise detecting messages comprising respective validation data 171 A-N within the CS network 122 .
- the detecting may comprise monitoring cyber communication on the CS network 122 to detect messages comprising validation data 171 corresponding to state key fragments 161 .
- the monitoring may comprise sniffing and/or inspecting messages on the CS network 122 to detect messages corresponding to communication of respective state key fragments 161 A-N (e.g., based on identifying and/or addressing information of the messages, contents of the messages, data of the messages, data streams of the messages, and/or the like).
- the RS agent 110 may be configured to retrieve the detected messages through the CS network 122 (e.g., retrieve broadcast messages on the CS network 122 , retrieve messages communicated through cyber nodes 124 coupled to the RS agent 110 , and/or the like).
- the RS agent 110 may be further configured to synchronize the acquired validation data 171 A-N, which may comprise associating the validation data 171 A-N with a corresponding state key 160 .
- the RS agent 110 may associate a message comprising validation data 171 with a corresponding state key 160 by use of one or more of: an identifier of the state key 160 , an identifier of the message, an address of the message, an identifier of the validation data 171 (e.g., a fragment identifier of the corresponding state key fragment 161 ), and/or the like.
- the synchronizing may further comprise determining a latency of respective validation data 171 A-N, which may comprise the RS agent 110 determining the time between when the state key fragments 161 A-N corresponding to the validation data 171 A-N were transmitted on the CS network 122 and when the corresponding validation data 171 A-N were acquired (e.g., a time at which messages comprising the respective validation data 171 A-N were returned and/or detected by the RS agent 110).
- the synchronizing may further comprise rejecting validation data 171 A-N in response to a latency thereof exceeding a latency threshold.
- Generating the validation key 170 may further comprise determining validation cyber-physical key data (validation CPKD 172 ) for the validation key 170 .
- Determining the validation CPKD 172 may comprise generating validation CPKD fragments 173 A-N by use of the acquired validation data 171 A-N.
- each state key fragment 161 A-N may comprise a respective portion of the CPKD 162 of the state key 160 (e.g., a respective CPKD fragment 163 A-N, comprising respective cyber-physical state metadata 111 , cyber-physical state parameters 112 , CPSS 118 , cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , physical state metadata 240 , physical state parameters 242 , physical state signatures 248 , portions thereof, and/or the like).
- the acquired validation data 171 A-N may comprise cyber-physical reproductions of respective fragments 161 A-N of the state key 160 and, as such, may comprise cyber-physical reproductions of respective CPKD fragments 163 A-N thereof (e.g., comprise cyber-physical reproductions of respective portions of the CPKD 162 of the state key 160 ). Therefore, in some embodiments, the acquired validation data 171 A-N may comprise the validation CPKD fragments 173 A-N.
- Generating the validation CPKD 172 of the validation key 170 may comprise obtaining the validation CPKD fragments 173 A-N from the acquired validation data 171 A-N, and combining the validation CPKD fragments 173 A-N to form the validation CPKD 172 .
- the combining may comprise arranging the validation CPKD fragments 173 A-N in accordance with an arrangement of the corresponding CPKD fragments 163 A-N within the CPKD 162 of the state key 160 .
- the RS agent 110 may be configured to recombine the CPKD fragments 173 A-N in accordance with the signature schema 116 , as disclosed herein.
- the RS agent 110 may be configured to communicate fragments 161 of respective state keys 160 through selected regions of the control system 101 .
- the RS agent 110 may be configured to communicate state key fragments 161 through regions of the control system 101 covered by the CPKD fragments 163 thereof, as disclosed herein.
- the RS agent 110 may be configured to communicate state keys 160 and/or fragments 161 thereof through regions that may, or may not, correspond to the region of the control system covered by the CPKD 162 and/or CPKD fragments 163 thereof.
- communicating a state key fragment 161 may comprise transmitting the state key fragment 161 to a selected actuator device 146 (through the CS network 122 ), the actuator device 146 transmitting validation data 171 corresponding to the state key fragment 161 to a selected sensor device 144 (by, across, and/or through a PPV 155 ), and the sensor device 144 returning the validation data 171 to the RS agent 110 (through the CS network 122 ).
- the actuator device 146 and/or sensor device 144 may be selected in accordance with any suitable selection mechanism and/or criteria, as disclosed herein.
- the RS agent 110 may be configured to communicate state key fragments 161 A-N through selected CPCE 105 .
- Communicating a state key fragment 161 through a selected CPCE 105 may comprise communicating the fragment 161 through the cyber section 129 of the CPCE 105 and the physical control section 149 of the CPCE 105 .
- Communicating a state key 160 through a selected CPCE 105 may comprise communicating fragments 161 thereof through CPC paths 108 thereof, each CPC path 108 comprising a first cyber path 126 , a physical control coupling 148 , and a second cyber path 126 , as disclosed herein.
- Communicating a state key fragment 161 through a CPC path 108 may comprise transmitting the state key fragment 161 through: a first cyber path 126 , a physical control coupling 148 , and a second cyber path 126 .
- communicating a state key fragment 161 through the physical control coupling 148 may comprise communicating validation data 171 by, across, and/or through a PPV 155 (e.g., a physical process 150 and/or physical process attribute(s) 152 thereof).
- the CPCE 105 and/or CPC path 108 may be selected in accordance with any suitable selection mechanism and/or criteria, as disclosed herein (e.g., may be selected in accordance with a region of the control system 101 covered by the CPKD fragment 163 thereof).
- Communicating a state key fragment 161 through a CPC path 108 may comprise sending the fragment 161 to the physical control coupling 148 through the first cyber path 126 , and receiving validation data 171 communicated through, across, and/or by use of the physical control coupling 148 through the second cyber path 126 .
- communicating a state key fragment 161 through a CPC path 108 may comprise sending the fragment 161 to a correlator 166 (through a first cyber path 126 ).
- a correlator 166 refers to a cyber-physical component 102 of the control system 101 configured to determine and/or communicate validation data 171 corresponding to a state key fragment 161 through, across, and/or by use of a PPV 155 .
- the correlator 166 may be configured to communicate the validation data 171 through, by, and/or across the physical process 150 and/or physical process attribute(s) 152 of the physical control coupling 148 .
- a receiver 168 refers to a cyber-physical component 102 of the control system 101 configured to detect, receive, and/or interpret validation data 171 communicated by a correlator 166 .
- a receiver 168 may be configured to detect, receive, and/or interpret validation data 171 communicated through, by, and/or across the physical process 150 and/or physical process attribute(s) 152 of the physical control coupling 148 .
- the correlator 166 comprises and/or is coupled to an actuator device 146 , the actuator device 146 operatively coupled to the PPV 155 of the physical coupling 148 .
- the correlator 166 may be configured to receive the state key fragment 161 , and transmit correlation signal(s) comprising the validation data 171 to a selected receiver 168 .
- the correlator 166 (e.g., actuator device 146 ) may be configured to transmit the correlation signal(s) by, inter alia, performing physical operations configured to affect, manipulate, and/or modify the physical process 150 and/or physical process attribute(s) 152 , as disclosed herein.
- the correlator 166 may be configured to convert the state key fragment 161 into physical operations capable of being performed thereby, the physical operations configured to produce changes in the PPV 155 (e.g., physical process 150 and/or physical process attribute(s) 152 ) corresponding to the validation data 171 .
- the changes may be configured to have negligible effects on the PPV 155 and/or control functions pertaining thereto.
- the correlator 166 may be configured to communicate the validation data 171 on a physical medium of the PPV 155 .
- the PPV 155 may comprise the transmission and/or distribution of electrical power on a conductor, and the correlator 166 (e.g., actuator device 146 ) may be configured to transmit the validation data 171 on the conductor by, inter alia, power-line communication (PLC), and/or other technique.
- the correlator 166 may be configured to transmit the validation data 171 on any suitable medium associated with the PPV 155 including, but not limited to: a physical medium, an electrical medium (e.g., one or more conductors, traces, lines, and/or the like), an acoustic medium, a hydraulic medium, a pneumatic medium, a wireless medium (e.g., an electromagnetic signal propagation medium), and/or the like.
- the correlator 166 may be configured to communicate the validation data 171 on signal(s) carried on a physical process 150 and/or physical process attribute(s) 152 (may use a signal being propagated on, across, and/or through physical process 150 and/or attribute(s) 152 as a carrier signal, modulate the signal, and/or otherwise use the signal for communication of the validation data 171 ).
- the correlator 166 may be configured to embed the validation data 171 in signals and/or data being communicated via the PPV 155 (e.g., may embed the validation data 171 by steganography, network steganography, image steganography, and/or any other suitable technique).
- the receiver 168 comprises and/or is coupled to a sensor device 144 operatively coupled to the PPV 155 of the physical control coupling 148 .
- the receiver 168 (sensor device 144 ) may be configured to: receive validation data 171 communicated by the correlator 166 , and return the validation data 171 to the RS agent 110 via the CS network 122 .
- Receiving the validation data 171 may comprise the receiver 168 (e.g., sensor device 144 ) acquiring sensor data comprising the validation data 171 communicated across the PPV 155 , as disclosed above.
- Receiving the validation data 171 may further comprise the sensor device 144 (and/or a computational component 130 closely coupled thereto) detecting the validation data 171 within the acquired sensor data.
- Receiving the validation data 171 may comprise identifying correlation signal(s) and/or validation data 171 within the acquired sensor data, isolating the identified correlation signal(s) and/or validation data 171 , extracting the identified correlation signal(s) and/or validation data 171 , filtering the acquired sensor data, and/or the like.
- receiving the validation data 171 may comprise receiving signal(s) comprising the validation data 171 on a medium corresponding to the PPV 155 of the physical coupling 148 (e.g., a physical process 150 and/or physical process attribute(s) 152 ), such as a physical medium, electrical medium, acoustic medium, hydraulic medium, pneumatic medium, wireless medium, and/or the like, as disclosed above.
- the receiver 168 (e.g., sensor device 144 ) may be configured to receive validation data 171 communicated on a signal of the PPV 155 , and/or embedded in signal(s) and/or data communicated through the PPV 155 , as disclosed above.
- the correlator 166 may comprise and/or be coupled to a computational component 130 of the control system 101 configured to communicate validation data 171 corresponding to the state key fragment 161 across the physical control coupling 148 (e.g., by use of one or more physical component(s) 140 tightly coupled thereto).
- the correlator 166 may comprise and/or be coupled to a controller 132 configured to: receive the state key fragment 161 and, in response, cause one or more actuator devices 146 to transmit validation data 171 by, across and/or through, the physical process 150 and/or physical process attributes(s) 152 , as disclosed herein.
- the receiver 168 may comprise and/or be coupled to a computational component 130 configured to receive validation data 171 communicated by, across, and/or through the physical process 150 and/or physical process attribute 152 by use of one or more physical component(s) 140 tightly coupled thereto.
- the receiver 168 may comprise a controller 132 configured to: receive validation data 171 by use of one or more sensor devices 144 operatively coupled to the physical process 150 and/or physical process attribute(s) 152 , as disclosed herein.
- the receiver 168 (e.g., controller 132 ) may be configured to determine the validation data 171 by use of sensor data acquired by the one or more sensor devices 144 , and return the validation data 171 to the RS agent 110 , as disclosed herein.
- the correlator 166 may comprise a computational component 130 configured to, inter alia, receive the state key fragment 161 , and determine validation data 171 corresponding to the fragment 161 by use of one or more physical components 140 operatively and/or communicatively coupled thereto.
- the computational component 130 may further comprise the receiver 168 , and may be configured to return the determined validation data 171 to the RS agent 110 , as disclosed herein.
- the correlator 166 (e.g., controller 132 ) may be configured to determine the validation data 171 by, inter alia, determining cyber-physical key data corresponding to the CPKD fragment 163 of the state key fragment 161 .
- the correlator 166 may determine the cyber-physical key data by, inter alia, acquiring cyber-physical state information corresponding to the CPKD fragment 163 (e.g., a cyber-physical state of the PPV 155 and/or physical components 140 operatively coupled thereto, such as one or more actuator devices 146 , sensor devices 144 , and/or the like), and deriving the cyber-physical key data from the acquired cyber-physical state information. Determining the validation data 171 may comprise using the physical control metadata 249 to verify that the physical state of the PPV 155 as indicated by one or more actuator devices 146 coupled thereto is consistent with a state of the PPV 155 as indicated by corresponding sensor devices 144 .
- Determining the validation data 171 may comprise predicting a state of the PPV 155 based on a state of the actuator devices 146 , acquiring the state of the PPV 155 based on a state of the sensor devices 144 , and/or comparing the predicted state to the acquired state.
- the state of the PPV 155 may be determined and/or estimated in accordance with physical control metadata 249 pertaining thereto, which may comprise, inter alia, a model by which a state of the PPV 155 (as indicated by one or more sensor devices 144 ) may be determined from a state of actuator devices 146 operatively coupled thereto.
- Determining the validation data 171 may comprise introducing noise and/or error into the cyber-physical reproduction of the state key fragment 161 (the validation data 171 ) in accordance with noise and/or error between the predicted state and the acquired state.
- the receiver 168 may be further configured to return validation data 171 comprising the cyber-physical key data to the RS agent 110 , as disclosed herein.
- Although particular mechanisms for communicating state keys 160 , state key fragments 161 , and/or corresponding validation data 171 are described herein, the disclosure is not limited in this regard, and could be adapted to communicate state keys 160 , state key fragments 161 , and/or corresponding validation data 171 using any suitable means (e.g., by, across and/or through any suitable PPV 155 and/or in accordance with any suitable cyber-physical state information pertaining thereto).
- Communicating a state key 160 may further comprise the RS agent 110 acquiring validation data 171 A-N returned in response to communication of respective fragments 161 A-N of the state key 160 , and determining validation CPKD fragments 173 A-N by use of the acquired validation data 171 A-N.
- Acquiring the validation data 171 A-N may comprise validating messages comprising the validation data 171 A-N, associating the validation data 171 A-N with the state key 160 , synchronizing the validation data 171 A-N, determining a latency of respective validation data 171 A-N, and/or the like, as disclosed herein.
- the RS agent 110 may be further configured to generate a validation key 170 , which may comprise a cyber-physical reconstruction of the CPKD 162 of the state key 160 (may comprise validation CPKD 172 ). Generating the validation key 170 may comprise reconstructing the validation CPKD 172 by use of the determined validation CPKD fragments 173 A-N, which may comprise reconstructing the validation CPKD 172 in accordance with parsing schema 117 by which the corresponding fragments 161 A-N (and/or CPKD fragments 163 A-N thereof) were generated, as disclosed herein.
- the RS agent 110 may be configured to compare state keys 160 to validation data 171 returned in response to communication of the state keys 160 through portions of the control system 101 .
- the comparing may comprise comparing respective state keys 160 to corresponding validation keys 170 (e.g., comparing CPKD 162 of respective state keys 160 to validation CPKD 172 of the corresponding validation keys 170 ).
- the comparing may comprise comparing fragments 161 A-N of respective state keys 160 to corresponding validation data 171 A-N (and/or comparing CPKD fragments 163 A-N to corresponding validation CPKD fragments 173 A-N).
- the RS agent 110 may be further configured to determine and/or maintain error metrics 175 pertaining to communication of the state keys 160 , including, but not limited to: key errors 176 , fragment errors 177 , and/or the like.
- the RS agent 110 may be configured to determine key error metrics (key errors 176 ), which may correspond to an error, distance, and/or difference between validation keys 170 and corresponding state keys 160 (and/or validation CPKD 172 and the CPKD 162 of corresponding state keys 160 ).
- the key error metric 176 for a state key 160 may be configured to quantify error introduced by the cyber-physical reconstruction of the state key 160 (e.g., by communication of fragments 161 of the state key 160 through respective CPC paths 108 of the control system 101 ).
- the RS agent 110 may be configured to determine fragment error metrics (fragment errors 177 ), which may correspond to an error, distance, and/or difference between state key fragments 161 and corresponding validation data 171 (and/or CPKD fragments 163 and the corresponding validation CPKD fragments 173 ).
- fragment error 177 for a state key fragment 161 may be configured to quantify error introduced by the cyber-physical reproduction thereof (e.g., by communication of the fragment 161 through a CPC path 108 of the control system 101 ).
- the key error 176 of a state key 160 may correspond to fragment errors 177 A-N of respective fragments 161 A-N thereof.
- the RS agent 110 may be configured to determine error metrics 175 between state keys 160 , CPKD 162 , state key fragments 161 , and/or CPKD fragments 163 (S 1 ) and corresponding validation keys 170 , validation CPKD 172 , validation data 171 , and/or CPKD fragments 173 (S 2 ), using any suitable means.
- the RS agent 110 is configured to calculate error metrics 175 in accordance with, inter alia, a root mean square (RMS) technique, as follows:
- e RMS may comprise an RMS error between S 1 and S 2
- N may be a length of S 1 and S 2 .
- the RS agent 110 may be configured to calculate error metrics 175 in accordance with, inter alia, an edit distance, as follows:
- l 1 may comprise a length of S 1 (the state key 160 , CPKD 162 , fragment 161 , CPKD fragment 163 , and/or the like), l 2 may be a length of S 2 (the validation key 170 , validation CPKD 172 , validation data 171 , validation CPKD fragment 173 , and/or the like), i is a number of insertions, d is a number of deletions, c is a number of changes, and w is a number of swaps between S 1 and S 2 .
- the edit distance may be rescaled from 0-64 to 0-100, to produce an error metric M, as follows:
- the error metric (M) may comprise a weighted percentage of a degree to which S 1 and S 2 deviate from being homologous sequences of one another (e.g., how many bits differ and/or are in different orders).
- a low error metric (M) may, therefore, indicate that S 1 and S 2 correspond to a common ancestor (e.g., a same or cyber-physical state and/or CPKD 162 / 163 ).
- a high error metric (M) may indicate little or no homology between S 1 and S 2 (e.g., may indicate significant changes to the cyber-physical state, CPKD 162 , CPKD fragment 163 , and/or the like).
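The two error metrics described above, as an added Python example that is not part of the patent text. It uses the standard RMS definition and, as a stand-in for the patent's edit-distance expression, optimal string alignment distance (insertions, deletions, changes and adjacent swaps each cost 1) with a linear 0-64 to 0-100 rescale; the function names, the sample key and the linear rescale are assumptions.

```python
import math

# Constructed sample: a 64-bit CPKD fragment as sent by the RS agent (S1).
S1_BITS = format(0x9E3779B97F4A7C15, "064b")
# Constructed sample: an unrelated 64-bit value, standing in for a spoofed reply.
UNRELATED_BITS = format(0x0123456789ABCDEF, "064b")


def flip(bits, positions):
    """Return a copy of a bit string with the given positions inverted."""
    out = list(bits)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


def rms_error(s1, s2):
    """RMS error between two equal-length bit strings, with N = len(s1)."""
    if len(s1) != len(s2) or not s1:
        raise ValueError("RMS error needs two non-empty sequences of equal length N")
    squared = sum((int(a) - int(b)) ** 2 for a, b in zip(s1, s2))
    return math.sqrt(squared / len(s1))


def edit_distance(s1, s2):
    """Optimal string alignment distance between S1 and S2.

    Counts insertions, deletions, changes and swaps of adjacent symbols,
    each at cost 1 (assumed weighting; the patent's own weights are not used).
    """
    l1, l2 = len(s1), len(s2)
    d = [[0] * (l2 + 1) for _ in range(l1 + 1)]
    for i in range(l1 + 1):
        d[i][0] = i  # delete every symbol of s1[:i]
    for j in range(l2 + 1):
        d[0][j] = j  # insert every symbol of s2[:j]
    for i in range(1, l1 + 1):
        for j in range(1, l2 + 1):
            change = 0 if s1[i - 1] == s2[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,           # deletion
                d[i][j - 1] + 1,           # insertion
                d[i - 1][j - 1] + change,  # change (or match)
            )
            if (i > 1 and j > 1
                    and s1[i - 1] == s2[j - 2] and s1[i - 2] == s2[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[l1][l2]


def error_metric(s1, s2, max_distance=64):
    """Rescale the edit distance from 0..max_distance to 0..100 (assumed linear)."""
    distance = min(edit_distance(s1, s2), max_distance)
    return 100.0 * distance / max_distance


if __name__ == "__main__":
    noisy = flip(S1_BITS, [5, 40])  # two bit errors picked up on the physical path
    print("noisy reproduction M =", error_metric(S1_BITS, noisy))
    print("unrelated reply    M =", error_metric(S1_BITS, UNRELATED_BITS))
```

A reproduction that differs by a couple of bits scores near 0, while a reply that was not derived from the fragment scores far higher, which is the separation the low and high error metric (M) cases rely on.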
- the RS agent 110 may be further configured to determine a cyber-physical health of the control system 101 and/or validate cyber-physical state metadata 111 (and/or portions thereof) based on, inter alia, error metrics 175 determined in response to communicating respective state keys 160 , as disclosed herein.
- the cyber-physical state metadata 111 used to characterize the cyber-physical state of the control system 101 may be acquired from respective cyber-physical components 102 (e.g., by requesting cyber-physical state information from respective cyber-physical components 102 , monitoring communication on the CS network 122 , estimating cyber-physical state information, and/or the like).
- the cyber-physical state information acquired therefrom may be inaccurate (or even adversarial), leading to inaccuracies in the determination, estimation, and/or acquisition of the cyber-physical state of the control system 101 (e.g., an attacker may introduce adversarial cyber-physical state information through a compromised component 102 , through the physical environment, via the CS network 122 , from an external network, and/or the like).
- Communication of state keys 160 through respective CPCE 105 and/or CPC paths 108 of the control system 101 may ensure that cyber-physical state information acquired from cyber-physical component(s) 102 thereof is accurate.
- although an attacker may be able to emulate and/or “spoof” communication on the CS network 122 (e.g., inject adversarial messages, signals and/or the like), attackers (and/or cyber-physical components 102 compromised thereby) may be incapable of emulating and/or spoofing communication of state keys 160 (and/or state key fragments 161 ), as disclosed herein, much less communicating state keys 160 comprising cyber-physical key data 162 that comprises, and/or corresponds to context-specific cyber-physical state metadata 111 and/or CPSS 118 .
- attackers may have no knowledge of the cyber-physical topology 115 and/or cyber-physical state information from which the cyber-physical state metadata 111 and/or CPSS 118 are derived and, as such, may be incapable of emulating communication of state keys 160 , state key fragments 161 and/or corresponding validation data 171 , as disclosed herein.
- CPKD 162 covering different regions of the control system 101 (e.g., comprising and/or derived from different cyber-physical state metadata 111 and/or CPSS 118 in accordance with a cyber-physical topology 115 and/or signature schema 116 ), changes to the underlying cyber-physical state metadata 111 itself (and/or corresponding CPSS 118 ), the use of state keys 160 and/or state key fragments 161 comprising CPKD 162 and/or CPKD fragments 163 covering different regions of the control system 101 , and communication of state keys 160 and/or fragments 161 through different regions of the control system 101 (e.g., communication of state key fragments 161 by, across, and/or through physical process couplings 148 of different CPCE 105 ) may make it impossible for an attacker to employ such captured data in a replay or similar attack (or use captured data
- the RS agent 110 may be capable of operating on relatively simple devices.
- the RS agent 110 may be configured to derive CPSS signatures 118 using low-overhead techniques, which may be capable of operating on rudimentary devices, such as PLC.
- the RS agent 110 may determine cyber-physical health metadata 180 for the control system 101 by use of error metrics 175 pertaining to communication of state keys 160 and/or state key fragments 161 through respective regions of the control system 101 .
- error metrics 175 may indicate increased error in communication of state keys 160 and/or state key fragments 161 through the control system 101 , which increased error may be due to degradation to the cyber and/or physical health of the control system 101 .
- health metrics of the cyber-physical health metadata 180 may be inversely proportional to the error metrics 175 determined by the RS agent 110 .
- the RS agent 110 may be configured to determine the cyber-physical health metadata 180 based on, inter alia, error metrics 175 of state keys 160 most recently generated and/or communicated through the control system 101 .
- the cyber-physical health metadata 180 may comprise and/or correspond to a state key window (e.g., error metrics of the last N state keys 160 ).
- the RS agent 110 may be configured to calculate health metrics comprising a last N error metrics 175 ( e ), as follows:
- CPH may comprise a cyber-physical health metric
- e i may comprise error metrics 175 associated with respective state keys 160 of the last N state keys 160 .
- the cyber-physical health metadata 180 may further comprise confidence metrics pertaining to the cyber-physical state metadata 111 .
- the cyber-physical health metadata 180 may quantify a confidence that the cyber-physical state metadata 111 accurately reflects the cyber-physical state of the control system 101 .
- the cyber-physical state metadata 111 may be determined by, inter alia, acquiring cyber-physical state information from respective regions of the control system 101 (e.g., respective cyber-physical components 102 , CPCE 105 , CPC paths 108 , CPCE sections 109 , and/or the like).
- the cyber-physical state information may be acquired from regions through which the RS agent 110 is configured to communicate respective state keys 160 and/or state key fragments 161 .
- Error metrics 175 corresponding to communication of respective state keys 160 and/or state key fragments 161 may, therefore, correspond to error in cyber-physical state information from which the cyber and/or physical state of the control system 101 is acquired (and/or from which the cyber-physical state metadata 111 are determined).
- the confidence metrics determined by the RS agent 110 may, therefore, be inversely proportional to the error metrics 175 , such that increases to the error metrics 175 result in decreased confidence metrics, and vice versa.
- the RS agent 110 may determine confidence metrics by use of one or more error metrics 175 (e.g., a last N error metrics 175 , as disclosed above).
- the RS agent 110 may be further configured to associate error metrics 175 with particular regions of the control system 101 (e.g., particular CPCE 105 , CPC paths 108 , CPCE sections 109 , cyber-physical components 102 , cyber nodes 124 , cyber paths 126 , physical process couplings 148 , and/or the like).
- the error metrics 175 determined in response to communication of state keys 160 (and/or respective state key fragments 161 ) through respective regions of the control system 101 may indicate an error introduced by communication through the respective regions.
- the RS agent 110 may be configured to associate error metrics 175 of particular state keys 160 (and/or respective state key fragments 161 ) with regions of the control system 101 through which the particular state keys 160 (and/or respective key fragments 161 ) were communicated.
- the RS agent 110 may be configured to associate key errors 176 with CPCE 105 through which the corresponding state keys 160 were communicated, associate fragment errors 177 A-N with CPC paths 108 through which the corresponding state key fragments 161 were communicated, and so on.
- the RS agent 110 may be configured to determine cyber-physical health metrics 180 corresponding to respective regions of the control system 101 (e.g., respective CPCE 105 , CPC paths 108 , cyber-physical components 102 , and/or the like), which may be based on, inter alia, error metrics 175 associated with the respective regions, as disclosed above.
- the RS agent 110 may be further configured to associate error metrics 175 with respective portions of the cyber-physical state metadata 111 .
- the RS agent 110 may be configured to associate error metrics 175 of particular state keys 160 (and/or respective state key fragments 161 ) with portions of the cyber-physical state metadata 111 corresponding to regions of the control system 101 through which the particular state keys 160 (and/or respective key fragments 161 ) were communicated (e.g., portions of the cyber-physical state metadata 111 corresponding to the CPCE 105 , CPC paths 108 , CPCE sections 109 , cyber-physical components 102 , cyber nodes 124 , and/or the like, through which the state keys 160 and/or state key fragments 161 were communicated).
- the RS agent 110 may be further configured to determine confidence metrics for respective portions of the cyber-physical state metadata 111 .
- the confidence metrics may be based on, inter alia, error metrics associated with the respective portions of the cyber-physical state metadata 111 , as disclosed herein.
- the fragments 161 of a state key 160 may be communicated through one or more CPCE 105 (through respective CPC paths 108 of the CPCE 105 ).
- the state keys 160 communicated by the RS agent 110 may, therefore, “cover” respective cyber-physical control regions of the control system 101 .
- the cyber-physical control region “covered” by a state key 160 refers to the cyber-physical control region of the control system 101 through which the state key 160 (and/or fragments 161 thereof) is communicated.
- a cyber-physical control region may comprise and/or correspond to one or more CPCE 105 (and/or regions thereof).
- the RS agent 110 may configure state keys 160 to cover regions corresponding to the CPKD 162 thereof.
- the RS agent 110 may configure state keys 160 to cover regions of the control system 101 that may, or may not, correspond to regions covered by the CPKD 162 thereof.
- the RS agent 110 may select regions to be covered by respective state keys 160 based on any suitable criteria, as disclosed herein, which selection may be independent of the CPKD 162 of the respective state keys 160 .
- Communicating a state key 160 through a selected region of the control system 101 may comprise communicating respective fragments 161 A-N thereof through respective CPC paths 108 of the region.
- Communicating a state key fragment 161 through a CPC path 108 may comprise sending the fragment 161 through the cyber section 129 of a CPCE 105 of the region to the physical control section 149 of the CPCE 105 , and communicating corresponding validation data 171 A-N from the physical control section 149 of the CPCE 105 back through the cyber section 129 of the CPCE 105 .
- Communicating a state key fragment 161 may comprise the RS agent 110 : sending the fragment 161 to a selected correlator 166 (through an input cyber path 126 ), causing the correlator 166 (e.g., a selected actuator device 146 ) to communicate corresponding validation data 171 to a selected receiver 168 (e.g., a selected sensor device 144 ) by, across, and/or through a PPV 155 of the CPCE 105 , and causing the receiver 168 to return the validation data 171 to the RS agent 110 (through a return cyber path 126 ).
- the CPC path 108 through which a state key 160 is communicated may be represented as follows:
- the input cyber path 126 may comprise cyber node(s) 124 through which the RS agent 110 sends the state key fragment 161 to a selected correlator 166 (e.g., actuator device 146 ) of the physical control coupling 148 .
- the physical control coupling 148 may identify the PPV 155 by, across, and/or through which the correlator 166 transmits corresponding validation data 171 to a selected receiver 168 (e.g., sensor device 144 ).
- the return cyber path 126 may comprise cyber node(s) 124 through which the validation data 171 are returned to the RS agent 110 .
- the region covered by a state key 160 may comprise a union of the CPC paths 108 through which respective fragments 161 thereof are communicated (e.g., a union of the CPCE 105 corresponding to the respective CPC paths 108 ).
- the error metrics 175 of a state key 160 may quantify error in the cyber-physical reconstruction of the resulting validation key 170 (and/or cyber-physical reproductions of the resulting validation data 171 ).
- the error metrics 175 of a state key 160 that covers a selected region of the control system 101 may, therefore, quantify error introduced by communication by, across, and/or through the selected region.
- the RS agent 110 may, therefore, be configured to attribute the key error 176 of a state key 160 to the cyber-physical components 102 of the region covered thereby (e.g., determine that one or more cyber-physical components 102 within the region contributed to the resulting key error 176 ).
- the RS agent 110 may be further configured to attribute fragment errors 177 A-N of the state key 160 to cyber-physical components 102 of the CPC paths 108 through which the corresponding fragments 161 A-N of the state key 160 were communicated (e.g., determine that one or more cyber-physical components 102 of the respective CPC paths 108 contributed to the corresponding fragment error 177 A-N).
- the RS agent 110 may be configured to record error metrics 175 attributed to respective cyber-physical components 102 (and/or corresponding cyber-physical state metadata 111 ) in the cyber-physical health metadata 180 , as disclosed herein.
- the RS agent 110 may be further configured to refine the cyber-physical components 102 to which particular error metrics 175 are attributed by, inter alia, communicating overlapping and/or related state keys 160 , and evaluating the resulting error metrics 175 thereof.
- state keys 160 (and/or the fragments 161 thereof) may cover respective regions of the control system 101 .
- “related” or “overlapping” state keys 160 refer to state keys 160 that cover at least a portion of a designated “overlap region.”
- a “target” or “overlap” region may refer to a cyber-physical control region, as disclosed herein (e.g., may comprise one or more CPCE 105 ).
- An overlap region may, therefore, comprise and/or correspond to a group of cyber-physical components 102 , CPC paths 108 , CPCE sections 109 , cyber nodes 124 , and/or the like.
- Overlapping state keys 160 may refer to state keys 160 configured for communication through a same overlap region (e.g., through one or more CPCE 105 of the overlap region).
- Overlapping state keys 160 may, therefore, refer to state keys 160 configured for communication through overlapping CPC paths 108 .
- “related” or “overlapping” CPC paths 108 refer to CPC paths 108 through a same overlap region of the control system 101 (e.g., CPC paths 108 through one or more CPCE 105 of the overlap region).
- Overlapping CPC paths 108 may correspond to respective cyber paths 126 and/or physical process couplings 148 of the overlap region.
- first and second CPC paths 108 through a same overlap region may cover respective portions, sections, and/or sub-regions of the overlap region (e.g., may cover respective CPCE 105 , CPCE sections 109 , cyber paths, and/or physical couplings 148 of the overlap region).
- the RS agent 110 may configure overlapping CPC paths 108 to isolate particular regions and/or cyber-physical components 102 (e.g., to differ with respect to inclusion/exclusion of particular cyber-physical components 102 of the overlap region).
- Overlapping CPC paths 108 configured to isolate particular portions of an overlap region may be referred to herein as “isolation” CPC paths 108 .
- the first and second overlapping CPC paths 108 may comprise isolation CPC paths 108 : the first CPC path 108 may include first cyber-physical components 102 that are not included in the second CPC path 108 and/or the second CPC path 108 may include second cyber-physical components 102 that are not included in the first CPC path 108 .
- the RS agent 110 may configure isolation CPC paths 108 to isolate particular cyber-physical regions and/or components 102 , which may enable differences in the error metrics 175 thereof to be attributed to the particular cyber-physical regions and/or components 102 .
- the RS agent 110 may be configured to evaluate error metrics 175 of overlapping state keys 160 and/or isolation CPC paths 108 to, inter alia, further refine the cyber-physical components 102 (and/or corresponding cyber-physical state metadata 111 ) to which error metrics 175 should be attributed. The RS agent 110 may, therefore, determine a cause and/or source of anomalous error metrics 175 .
- the RS agent 110 may communicate a first state key 160 A through CPCE 105 A, which may correspond to CPCE 105 A as illustrated in FIG. 1B .
- the first state key 160 A may, therefore, cover CPCE 105 A.
- Communicating the first state key 160 A may comprise communicating respective fragments 161 A-N thereof through respective CPC paths 108 of CPCE 105 A, acquiring corresponding validation data 171 A-N, and determining error metrics 177 A-N, as follows:
- communication of fragment 161 AA may comprise communicating the fragment 161 AA through CPC path 108 AA, which may comprise: the RS agent 110 sending the fragment 161 AA to a first correlator 166 (actuator device 146 A) through an input cyber path 126 comprising cyber nodes 124 A and 124 E; the actuator device 146 A transmitting corresponding validation data 171 AA to a first receiver 168 (sensor device 144 A) through physical process attribute 152 A; and the sensor device 144 A returning the validation data 171 AA to the RS agent 110 through a first return cyber path 126 comprising cyber nodes 124 D, B, C, and A.
- the resulting fragment error 177 AA may quantify an error between the fragment 161 AA and the acquired validation data 171 AA, as disclosed herein.
- Communicating fragment 161 AN through CPC path 108 AN may comprise the RS agent 110 : transmitting the fragment 161 AN to a second correlator 166 (actuator device 146 B) through the input cyber path 126 ; the actuator device 146 B transmitting corresponding validation data 171 AN to a second receiver 168 (sensor device 144 B) through physical process attribute 152 B; and the sensor device 144 B returning the validation data 171 AN to the RS agent 110 through a second return cyber path 126 comprising cyber nodes 124 B and 124 A.
- the resulting fragment error 177 AN may correspond to an error between the fragment 161 AN and the corresponding validation data 171 AN, as disclosed herein.
- the respective error metrics 177 AA-AN may indicate a cyber-physical health of the cyber-physical components of the respective CPC paths 108 AA-AN.
- the error metric 177 AA may indicate a cyber-physical health of cyber nodes 124 A-E, sensor device 144 A, actuator device 146 A, and/or physical process attribute 152 A.
- the error metric 177 AN may indicate a cyber-physical health of cyber nodes 124 A, B and E, sensor device 144 B, actuator device 146 B, and/or physical process attribute 152 B. Differences between the fragment errors 177 AA-AN may be attributed to inclusion and/or exclusion of cyber-physical components 102 in respective CPC paths 108 A-N.
- Differences in the fragment errors 177 AA-AN may correspond to differences in a cyber-physical health of one or more of the: cyber node 124 C, sensor devices 144 A-B, actuator devices 146 A-B, physical process attributes 152 A-B, and/or the like.
- the RS agent 110 may be configured to adapt communication of state keys 160 and/or state key fragments 161 to, inter alia, further refine cyber-physical components 102 to which particular error metrics 175 may be attributed (e.g., determine the cause and/or source of anomalous error metrics 175 ).
- the adaptations may comprise configuring communication of a series of overlapping state keys 160 , which, as disclosed above, may be communicated through a same overlap region of the control system 101 .
- the RS agent 110 may configure communication of the state keys 160 through isolation CPC paths 108 that vary with respect to inclusion/exclusion of particular cyber-physical components 102 , such that differences in error metrics 175 thereof may be attributed to the particular cyber-physical components 102 included/excluded in the respective isolation CPC paths 108 .
- the RS agent 110 may adapt communication of a subsequent state key 160 B, as disclosed above.
- the RS agent 110 may configure state key 160 B to overlap with state key 160 A, which may comprise configuring state key 160 B for communication through CPCE 105 A.
- the RS agent 110 may be configured to communicate fragments 161 BA-BN through CPC paths 108 BA-BN, that may correspond to the same CPCE 105 A, but differ from the CPC paths 108 AA-AN of state key 160 A with respect to inclusion and/or exclusion of particular cyber-physical components 102 .
- the RS agent 110 may be configured to communicate the state key 160 B, as follows:
- the error metric 177 BA may quantify error introduced during communication of fragment 161 A through CPC path 108 BA, which differs from CPC path 108 AA with respect to cyber node 124 C.
- the RS agent 110 may configure the fragment 161 BA to bypass cyber node 124 C, while utilizing the same or similar cyber-physical components 102 of CPC path 108 AA. Since CPC paths 108 AA and 108 BA only differ with respect to cyber node 124 C, the RS agent 110 may attribute differences between fragment errors 177 AA and 177 BA to cyber node 124 C.
- the fragment error 177 AA may be anomalous and, in response, the RS agent 110 may adapt communication of subsequent state keys 160 (e.g., state key 160 B) to isolate components of the CPC path 108 AA associated with the fragment error 177 AA.
- the RS agent 110 may determine that the fragment error 171 BA is nominal and, since the CPC path 108 BA differs from the CPC path 108 AA associated with the anomalous fragment error 177 AA by inclusion of cyber node 124 C, the RS agent 110 may determine that cyber node 124 C was the source and/or cause of the anomaly (e.g., the cyber node 124 C may be compromised and/or subject to cyber-attack).
- the RS agent 110 may be further configured to communicate subsequent state keys 160 to verify that cyber node 124 C is the source of the anomaly (e.g., by communicating subsequent state keys 160 through paths that differ with respect to their inclusion of cyber node 124 C, and comparing the resulting error metrics 175 ).
- the RS agent 110 may configure the CPC path 108 BN, through which state key fragment 161 BN is communicated, to isolate one or more cyber-physical components 102 of CPC path 108 AN.
- the RS agent 110 may adapt the CPC path 108 BN of the subsequent state key 160 B in order to, inter alia, refine the cyber-physical components 102 to which the resulting fragment errors 177 AN and/or 177 BN may be attributed, as disclosed above.
- the RS agent 110 may configure the CPC path 108 BN to differ from CPC path 108 AN with respect to selected cyber-physical components 102 .
- the CPC path 108 BN may differ from the CPC path 108 AN with respect to the physical couplings 148 thereof.
- the physical coupling of CPC path 108 BN may comprise transmitting validation data 171 BN from the actuator device 146 B to sensor device 144 A (rather than to sensor device 144 B, as in CPC path 108 AN).
- the RS agent 110 may, therefore, determine that differences between fragment errors 177 AN and 177 BN may be attributed to communication through the physical control coupling 148 comprising actuator device 146 B and sensor device(s) 144 A or 144 B.
- the RS agent 110 may further determine that a cause and/or source of a higher fragment error 177 AN as compared to 177 BN is sensor device 144 B, and a cause and/or source of a higher fragment error 177 BN compared to 177 AN is sensor device 144 A.
- the RS agent 110 may be further configured to detect high error metrics 175 and, in response, configure communication of subsequent state keys 160 and/or state key fragments 161 to, inter alia, determine a source and/or cause thereof.
- the RS agent 110 may be configured to determine an “error region,” which may comprise region(s) of the control system 101 covered by the state keys 160 having the high error metrics 175 .
- the RS agent 110 may be further configured to identify cyber-physical components 102 included in the determined error region, which may be potential causes of the high error metrics 175 .
- the RS agent 110 may be configured to maintain a group comprising cyber-physical components 102 that are potential causes of the high error metric 175 (an “error group”), which may initially comprise the identified cyber-physical components 102 .
- the RS agent 110 may, therefore, initially attribute the high error metrics 175 to cyber-physical components 102 within the error group.
- the RS agent 110 may be further configured to determine and/or refine the cause and/or source of error metrics 175 , which may comprise excluding cyber-physical components 102 as potential causes of high error metrics 175 (e.g., refining the error group and/or error region), determining anomaly weights for the identified cyber-physical components 102 , the anomaly weights indicating a likelihood that respective cyber-physical components 102 are a cause of the high error metrics 175 , determining error weights for the identified cyber-physical components 102 , the error weights indicating error metrics 175 attributable to respective cyber-physical components 102 , and/or the like.
- the RS agent 110 may be configured to communicate overlapping state keys 160 , evaluate error metrics 175 of the overlapping state keys 160 , and determine and/or refine the cause of error metrics 175 based on the evaluation.
- the RS agent 110 may be configured to adapt communication of state keys 160 in accordance with a cyber-physical isolation scheme.
- a cyber-physical isolation scheme may comprise the RS agent 110 configuring overlapping state keys 160 to isolate selected cyber regions in a cyber isolation scheme (e.g., isolating cyber components 120 , cyber nodes 124 , and/or the like).
- the RS agent 110 may communicate overlapping state keys 160 through isolation CPC paths 108 having same or similar computational and/or physical components 130 / 140 (same or similar physical process couplings 148 ), while varying selected portions of the cyber regions thereof (e.g., varying cyber paths 126 thereof).
- the RS agent 110 may communicate fragments 161 of the overlapping state keys 160 to the same or similar correlators 166 , and/or acquire validation data 171 from the same or similar receivers 168 .
- Implementing a cyber isolation scheme may further comprise the RS agent 110 modifying cyber paths 126 of respective state key fragments 161 (and/or corresponding validation data 171 ) to include and/or omit selected cyber regions, such that communication of the overlapping state keys 160 and/or fragments 161 cover different cyber regions within the overlap region.
- the RS agent 110 may be further configured to evaluate error metrics 175 of the overlapping state keys 160 (and/or state key fragments 161 ), detect changes in the error metrics 175 , and attribute the detected changes to particular cyber regions (in accordance with differences between the cyber components 120 included and/or omitted in the respective isolation CPC paths 108 ).
- Implementing a cyber-physical isolation scheme may further comprise the RS agent isolating physical control regions in a physical isolation scheme (e.g., isolating computational and/or physical components 130 / 140 ), which may comprise the RS agent 110 communicating overlapping state keys 160 through isolation CPC paths 108 having same or similar cyber regions (e.g., cyber paths 126 ), while varying the physical control regions thereof (e.g., varying the computational and/or physical components 130 / 140 , and/or physical couplings 148 through which state key fragments 161 are transmitted and/or corresponding validation data 171 are received).
- Implementing a physical isolation scheme may comprise the RS agent 110 communicating state key fragments 161 of the overlapping state keys 160 through the same or similar cyber paths 126 , while modifying the physical control regions to include and/or exclude selected physical components 140 and/or communicate validation data 171 by, across, and/or through different physical processes 150 and/or physical process attributes 152 .
- the RS agent 110 may be further configured to evaluate error metrics 175 of the overlapping state keys 160 , detect changes in the error metrics 175 , and attribute the detected changes to particular computational and/or physical components 130 / 140 (in accordance with the components 130 / 140 included in and/or excluded from the respective isolation CPC paths 108 ).
- the RS agent 110 may detect a state key 160 having an anomalous error metric 175 and, in response, may adapt one or more subsequent state keys 160 to overlap with the region covered thereby (e.g., may generate state keys 160 that overlap the region covered by state key 160 having the anomalous error metric 175 ).
- the RS agent 110 may communicate the overlapping state keys 160 through isolation paths 108 that, as disclosed above, may vary with respect to inclusion and/or exclusion of particular cyber-physical components 102 .
- the RS agent 110 may configure the isolation paths 108 in accordance with a cyber and/or physical isolation scheme, as disclosed above.
- the RS agent 110 may evaluate error metrics 175 of the overlapping state keys 160 .
- the RS agent 110 may indicate that cyber-physical components 102 covered thereby may be excluded as potential causes of the anomalous error metric 175 (may be removed from the error group and/or region).
- the RS agent 110 may indicate that cyber-physical components 102 covered thereby, that have not already been excluded as potential causes of the anomaly, may be retained as a potential cause of the anomaly.
- the RS agent 110 may continue adapting communication of subsequent state keys 160 to further refine the potential causes of the anomaly, which may comprise communicating the subsequent state keys 160 through isolation CPCE paths 108 configured to selectively include and/or exclude cyber-physical components 102 remaining in the error group and/or region.
- the RS agent 110 may continue iteratively adapting communication of subsequent state keys 160 until the cause of the anomaly is determined, no further refinement is possible (per the cyber-physical topology 115 of the control system 101 ), and/or another termination criterion is satisfied.
- state keys 160 and/or state key fragments 161 are described herein, the disclosure is not limited in this regard and may be adapted to utilize any suitable modifications and/or adaptations to the communication of the state keys 160 , state key fragments 161 , and/or the like, to determine, indicate, and/or isolate cyber-physical components 102 , cyber nodes 124 , cyber paths 126 , and/or physical process couplings 148 of the control system 101 such that error metrics 175 (and/or portions thereof) may be attributed thereto.
- the RS agent 110 may be configured to: identify cyber-physical components 102 that are potential causes of the anomaly, and determine anomaly weights for the identified cyber-physical components 102 , the anomaly weights indicating a likelihood that respective cyber-physical components 102 are a cause of the anomaly.
- the identified cyber-physical components 102 may comprise cyber-physical components 102 covered by the state key 160 having the anomalous error metric 175 .
- the RS agent 110 may be configured to assign initial anomaly weights to each identified cyber-physical component 102 , communicate overlapping state keys 160 through isolation CPC paths 108 (according to a cyber and/or physical isolation scheme, as disclosed above), and adjust the anomaly weights of respective cyber-physical components 102 based on the error metrics 175 determined in response to communication of the overlapping state keys 160 through the respective CPC paths 108 .
- the RS agent 110 may be configured to increase the anomaly weights of cyber-physical components 102 covered by overlapping state keys 160 having higher error metrics 175 , and decrease the anomaly weights of cyber-physical components 102 covered by overlapping state keys 160 having lower error metrics 175 .
- the RS agent 110 may be configured to increase the anomaly weights of cyber-physical components 102 included in isolation CPC paths 108 associated with higher fragment errors 177 , and decrease the anomaly weights of cyber-physical components 102 included in isolation CPC paths 108 associated with lower fragment errors 177 .
- the RS agent 110 may continue iteratively refining the anomaly weights of the identified cyber-physical components 102 until a termination criterion is satisfied (e.g., until the anomaly weights have converged, the anomaly weights of respective cyber-physical components 102 diverge sufficiently to enable the cause of the anomalous error metrics 175 to be determined, no further refinement is possible, and/or another criterion is satisfied).
- the RS agent 110 may be configured to determine error weights for cyber-physical components 102 within particular regions of the control system 101 .
- the RS agent 110 may configure a series of state keys 160 for communication through a specified region of the control system 101 , the specified region comprising one or more CPCE 105 (e.g., a series of overlapping state keys 160 ).
- the RS agent 110 may be further configured to communicate the series of overlapping state keys 160 (and/or fragments 161 thereof) through respective isolation CPC paths 108 , and may configure the isolation CPC paths 108 to selectively include and/or exclude particular cyber-physical components 102 .
- the RS agent 110 may compare error metrics 175 of respective overlapping state keys 160 (and/or respective isolation CPC paths 108 ). The comparing may comprise detecting deltas between the error metrics 175 (error metric Δ values). In response to detecting an error metric Δ that exceeds an error Δ threshold, the RS agent 110 may be configured to adapt subsequent state keys 160 to determine a cause and/or source of the error metric Δ (e.g., by identifying cyber-physical components 102 that are potential causes of the error metric Δ, and implementing cyber and/or physical isolation scheme(s) to refine and/or weight the identified cyber-physical components 102 as potential sources of the error metric Δ, as disclosed herein).
- the RS agent 110 may configure a series of state keys 160 for communication through a specified overlap region.
- RS agent 110 may configure the overlapping state keys 160 for communication through respective isolation CPC paths 108 (e.g., in accordance with a cyber-physical isolation scheme, as disclosed herein).
- the RS agent 110 may be configured to determine error weights for respective cyber-physical components 102 within the specified region based on, inter alia, error metrics 175 of the series of overlapping state keys 160 .
- the RS agent 110 may be configured to determine error weights for respective cyber-physical components 102 within a specified region by, inter alia: assigning an initial error weight to each cyber-physical component 102 within the specified region (and/or assigning previously determined error weights thereof), communicating a series of overlapping state keys 160 through respective isolation CPC paths 108 of the specified region, evaluating error metrics 175 of the series of state keys 160 , and adjusting the error weights assigned to the respective cyber-physical components 102 in accordance with the resulting error metrics 175 .
- the RS agent 110 may be configured to increase the error weights of cyber-physical components 102 covered by state keys 160 having higher error metrics 175 , and decrease the error weights of cyber-physical components 102 covered by state keys 160 having lower error metrics 175 .
- the RS agent 110 may be configured to increase the error weights of cyber-physical components 102 included in isolation CPC paths 108 having higher fragment errors 177 , and decrease the error weights of cyber-physical components 102 included in isolation CPC paths 108 having lower fragment errors 177 .
- the RS agent 110 may continue iteratively refining the error weights until a termination criterion is satisfied, as disclosed herein.
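The refinement loop described above for anomaly weights and error weights (exclude components covered by an overlapping state key with a nominal error metric, raise or lower the weights of covered components according to the measured error, stop when the cause is isolated or the topology allows no further split) can be sketched as follows. This is an added example, not code from the patent; the function names, thresholds, gain factor, path-selection heuristic and the constructed topology are assumptions, and the component names borrow the page's reference numerals only as labels.

```python
"""Added illustration of isolation-path refinement; all values are constructed."""


def _pick_path(suspects, isolation_paths, tried):
    """Choose an untried path that splits the remaining suspects most evenly."""
    best, best_score = None, None
    for path in isolation_paths:
        inside = len(suspects & path)
        # A useful path covers some, but not all, of the remaining suspects.
        if path in tried or not 0 < inside < len(suspects):
            continue
        score = abs(2 * inside - len(suspects))
        if best_score is None or score < best_score:
            best, best_score = path, score
    return best


def refine_error_group(error_group, isolation_paths, measure,
                       nominal=0.1, anomalous=0.5, gain=2.0, max_rounds=16):
    """Narrow down the components suspected of causing a high error metric.

    error_group     -- components covered by the state key with the anomaly
    isolation_paths -- frozensets of components: the paths the topology permits
    measure         -- callable(path) -> error metric of an overlapping state key
    Returns (weights, remaining_suspects); weights are normalised to sum to 1.
    """
    suspects = set(error_group)
    weights = {c: 1.0 / len(suspects) for c in suspects}
    tried = set()
    for _ in range(max_rounds):
        if len(suspects) <= 1:
            break                      # cause determined
        path = _pick_path(suspects, isolation_paths, tried)
        if path is None:
            break                      # topology allows no further refinement
        tried.add(path)
        error = measure(path)
        covered = suspects & path
        if error <= nominal:
            # Nominal error: everything this key covered is exonerated.
            suspects -= covered
            for c in covered:
                weights[c] = 0.0
        else:
            # Higher error raises the weight of covered components,
            # lower (but not nominal) error reduces it.
            factor = gain if error >= anomalous else 1.0 / gain
            for c in covered:
                weights[c] *= factor
        total = sum(weights.values())
        weights = {c: w / total for c, w in weights.items()}
    return weights, suspects


# Constructed topology: four isolation paths over six components.
PATHS = [
    frozenset({"cyber_node_124A", "cyber_node_124B", "actuator_146B", "sensor_144A"}),
    frozenset({"cyber_node_124A", "cyber_node_124C", "actuator_146B", "sensor_144B"}),
    frozenset({"cyber_node_124A", "cyber_node_124B", "actuator_146B", "sensor_144B"}),
    frozenset({"cyber_node_124A", "cyber_node_124C", "actuator_146B", "sensor_144A"}),
]
ERROR_GROUP = frozenset().union(*PATHS)


def simulated_measure(faulty):
    """Stand-in for the control system: high error if the path includes `faulty`."""
    def measure(path):
        return 0.9 if faulty in path else 0.02
    return measure


if __name__ == "__main__":
    for faulty in ("sensor_144B", "cyber_node_124A"):
        w, s = refine_error_group(ERROR_GROUP, PATHS, simulated_measure(faulty))
        print(faulty, sorted(s), {c: round(v, 3) for c, v in sorted(w.items())})
```

With the fault placed at the sensor, the loop ends with a single suspect; with the fault at a node that every path shares, no path can separate it from the actuator that is also on every path, so the loop stops with the two tied at the highest weight.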
- the RS agent 110 may determine cyber-physical health metadata 180 for the control system 101 based on, inter alia, the error metrics 175 determined for state keys 160 communicated through the control system 101 , as disclosed herein.
- the RS agent 110 may be further configured to determine cyber-physical health metrics for respective regions of the control system 101 based on, inter alia, error metrics 175 corresponding to state keys 160 that cover the respective regions.
- the RS agent 110 may determine cyber-physical health metrics for respective CPCE 105 of the control system 101 based on, inter alia, error metrics 175 of state keys 160 that cover the respective CPCE 105 .
- the RS agent 110 may be further configured to determine cyber-physical health metrics for respective CPC paths 108 , which may be based on, inter alia, error metrics 175 corresponding to communication of state keys 160 (and/or state key fragments 161 ) through the respective CPC paths 108 (e.g., fragment errors 177 ).
- the RS agent 110 may be further configured to determine cyber-physical health metrics for particular cyber-physical components 102 (e.g., groups of one or more cyber-physical components 102 , CPCE sections 109 , and/or the like) based on, inter alia, error metrics of state keys 160 and/or state key fragments 161 by, across, and/or through the particular cyber-physical components 102 .
- the RS agent 110 may be further configured to determine cyber-physical health metrics for particular cyber-physical components 102 (and/or groups thereof) based on, inter alia, anomalies attributed thereto, anomaly weights and/or error weights determined therefor, and/or the like, as disclosed herein.
- the RS agent 110 may be further configured to determine confidence metrics pertaining to the cyber-physical state metadata 111 (and/or respective portions thereof). The confidence metrics may be based on, inter alia, the error metrics 175 determined for state keys 160 communicated through the control system 101 , as disclosed herein.
- the RS agent 110 may be further configured to determine confidence metrics for cyber-physical state metadata 111 corresponding to respective CPCE 105 , CPC paths 108 , CPCE sections 109 , cyber-physical components 102 , and/or the like, based on, inter alia, the error metrics 175 , anomalies attributed thereto, anomaly weights, and/or error weights, as disclosed above.
- the RS agent 110 may be further configured to determine and/or monitor cyber-physical health of the control system 101 (and respective regions thereof), which may comprise determining cyber health metrics 282 and physical health metrics 284 .
- the cyber health metrics 282 may be configured to indicate a cyber health of the control system 101 (and/or respective regions thereof).
- the cyber health metrics 282 may indicate a health of cyber communication within the control system 101 , a health of the CS network 122 (and/or respective portions thereof), a health of respective cyber components 120 , a health of respective cyber nodes 124 , and/or the like.
- the cyber health metrics 282 may be based on, inter alia, error metrics 175 of state keys 160 communicated through CPC paths 108 of the control system 101 (e.g., error metrics 175 for state keys 160 communicated through respective cyber components 120 , cyber nodes 124 , portions of the CS network 122 , and/or the like, as disclosed herein).
- the cyber health metrics 282 may further incorporate confidence metrics determined for the cyber state metadata 220 (and/or portions thereof), as disclosed herein.
- the physical health metrics 284 may be configured to indicate a physical health of the control system 101 (and/or respective regions thereof).
- the physical health metrics 284 may indicate a health of respective CPCE 105 , CPC paths 108 , computational components 130 , physical components 140 , physical control couplings 148 , PPV 155 , and/or the like.
- the physical health metrics 284 may be based on, inter alia, error metrics 175 of state keys 160 communicated through physical control sections 149 of respective CPCE 105 of the control system 101 (e.g., error metrics 175 for validation data 171 communicated by, across, and/or through physical control couplings 148 of the control system 101 , as disclosed herein).
- the physical health metrics 284 may further incorporate confidence metrics determined for the cyber state metadata 220 (and/or portions thereof), as disclosed herein.
- FIG. 4 depicts embodiments of cyber-physical health metadata 180 , as disclosed herein.
- the cyber-physical health metadata 180 may be included in the cyber-physical topology 115 and/or signature schema 116 .
- the cyber-physical health metadata 180 maintained by the RS agent 110 may comprise cyber health metadata 182 and physical health metadata 184 .
- the RS agent 110 may be configured to maintain cyber health metadata 182 and/or physical health metadata 184 corresponding to respective portions of the control system 101 as illustrated in FIG. 1B .
- the RS agent 110 may be configured to determine cyber and/or physical health metadata 182 , 184 pertaining to the CPCE 105 A and/or respective portions thereof.
- the RS agent 110 may be configured to determine cyber health metadata 182 pertaining to respective regions of the cyber section 129 A of CPCE 105 A (respective cyber regions, such as respective cyber components 120 , cyber nodes 124 , cyber paths 126 , and/or the like).
- the cyber health metadata 182 may comprise information pertaining to the cyber health of the control system 101 (and/or respective regions thereof), as disclosed herein.
- the cyber health metadata 182 may comprise one or more cyber health parameters 181 , which may include, but are not limited to: error parameters 181 A, confidence parameters 181 B, state parameters 181 N, and/or the like.
- the error parameters 181 A may comprise information pertaining to error metrics 175 associated with communication of state keys 160 (and/or state key fragments 161 ) by, across, and/or through respective cyber regions of the control system 101 (e.g., respective cyber components 120 , cyber nodes 124 , cyber paths 126 , cyber sections 129 , and/or the like).
- the error parameters 181 A may comprise a distribution of error metrics 175 (e.g., average, mean, minimum, maximum, variance, deviation, and/or the like), an age of the error metrics 175 (e.g., a time since error metrics 175 corresponding to the cyber region were acquired by the RS agent 110 ), error metrics 175 and/or weights attributed to respective cyber regions (e.g., error weights determined for respective cyber region), anomalies attributed to respective cyber regions (e.g., anomaly weights determined for respective cyber regions), and/or the like.
- the confidence parameters 181 B may indicate a confidence in cyber state metadata 220 pertaining to respective cyber regions.
- the confidence parameters 181 B may quantify a confidence that the cyber state metadata 220 corresponding to respective cyber regions accurately represents the cyber states thereof.
- the confidence parameters 181 B may be based on, inter alia, the error parameters 181 A of the cyber health metadata 182 , as disclosed herein.
- the state parameters 181 N may indicate a health of the cyber state of the control system 101 (and/or respective cyber regions thereof).
- the state parameters 181 N may be based on the error and/or confidence parameters 181 A/ 181 B.
- the state parameters 181 N may be determined by, inter alia, comparing a cyber state of the control system 101 (e.g., the cyber state metadata 220 and/or respective portions thereof) to predetermined cyber behaviors (e.g., cyber state baselines, cyber state profiles, and/or the like, as disclosed in further detail herein).
- the state parameters 181 N may indicate a degree to which the cyber state of the control system 101 (and/or respective cyber regions thereof) correspond to “healthy” cyber states and/or behaviors.
- the state parameters 181 N may indicate a degree to which the cyber state of the control system 101 (and/or respective cyber regions thereof) correspond to “unhealthy” cyber states and/or behaviors.
- Determining the state parameters 181 N may comprise comparing cyber state metadata 220 to corresponding cyber state characteristics corresponding to respective “healthy” and/or “unhealthy” cyber behaviors (e.g., “healthy” and/or “unhealthy” cyber state baselines 552 , as disclosed in further detail herein).
- the state parameters 181 N may, therefore, indicate whether the cyber state of the control system 101 (as indicated by the cyber state metadata 220 ) corresponds to “healthy” cyber behavior or to “unhealthy” cyber behavior indicative of cyber-attack, cyber compromise, and/or the like.
- the cyber health metadata 182 may further comprise one or more cyber health metrics 282 , which may be configured to quantify a cyber health of the control system 101 (and/or respective cyber regions thereof).
- the cyber health metrics 282 may be based on, inter alia, health parameters 181 A-N of the cyber health metadata 182 , as disclosed herein.
- the cyber health metrics 282 may be inversely proportional to the error parameters 181 A and/or proportional to the confidence parameters 181 B.
- the cyber health metrics 282 may be inversely proportional to error, differences, and/or distances between the cyber state metadata 220 and “healthy” cyber behaviors and/or proportional to error, differences, and/or distances between the cyber state metadata 220 and “unhealthy” cyber behaviors (as indicated by the state parameters 181 N).
- the physical health metadata 184 may comprise information pertaining to the physical health of the control system 101 (and/or respective regions thereof), as disclosed herein.
- the physical health metadata 184 may comprise one or more physical health parameters 183 , which may include, but are not limited to: error parameters 183 A, confidence parameters 183 B, state parameters 183 N, and/or the like, as disclosed herein.
- the error parameters 183 A may comprise information pertaining to error metrics 175 associated with communication of state keys 160 (and/or state key fragments 161 ) by, across, and/or through respective physical control regions of the control system 101 (e.g., through respective physical control sections 149 ).
- the error parameters 183 A of the physical health metadata 184 may comprise a distribution of error metrics 175 (e.g., average, mean, minimum, maximum, variance, deviation, and/or the like), an age of the error metrics 175 (e.g., a time since error metrics 175 corresponding to the physical region were acquired by the RS agent 110 ), error metrics 175 and/or weights attributed to respective physical control regions (e.g., error weights determined for respective physical control regions), anomalies attributed to respective physical control regions (e.g., anomaly weights determined for respective physical regions), and/or the like.
- the confidence parameters 183 B may indicate a confidence in physical state metadata 240 pertaining to respective physical control regions.
- the confidence parameters 183 B may quantify a confidence that the physical state metadata 240 corresponding to respective physical control regions accurately represents the physical states thereof.
- the confidence parameters 183 B may be based on, inter alia, the error parameters 183 A of the physical health metadata 184 , as disclosed herein.
- the state parameters 183 N may indicate a health of the physical state of the control system 101 (and/or respective physical control regions thereof).
- the state parameters 183 N may be based on the error and/or confidence parameters 183 A/ 183 B.
- the state parameters 183 N may be determined by, inter alia, comparing a physical state of the control system 101 (e.g., the physical state metadata 240 and/or respective portions thereof) to predetermined physical control behaviors (e.g., physical state baselines, physical state profiles, and/or the like, as disclosed in further detail herein).
- the state parameters 183 N may indicate a degree to which the physical state of the control system 101 (and/or respective physical control regions thereof) correspond to “healthy” physical states and/or behaviors.
- the state parameters 183 N may indicate a degree to which the physical state of the control system 101 (and/or respective physical control regions thereof) correspond to “unhealthy” physical behaviors.
- Determining the state parameters 183 N may comprise comparing physical state metadata 240 to corresponding physical state characteristics corresponding to respective “healthy” and/or “unhealthy” physical states and/or behaviors (e.g., “healthy” and/or “unhealthy” physical state baselines 554 , as disclosed in further detail herein).
- the state parameters 183 N may, therefore, indicate whether the physical state of the control system 101 (as indicated by the physical state metadata 220 ) corresponds to “healthy” physical behavior or to physical behavior indicative of a component attack, a physical attack, compromise of computational and/or physical components 130 / 140 , a physical failure mode, and/or the like.
- the physical health metadata 184 may further comprise one or more physical health metrics 284 , which may be configured to quantify a physical health of the control system 101 (and/or respective physical regions thereof).
- the physical health metrics 284 may be based on, inter alia, physical health parameters 183 A-N, as disclosed herein.
- the physical health metrics 284 may be inversely proportional to the error parameters 183 A and/or proportional to the confidence parameters 183 B.
- the physical health metrics 284 may be inversely proportional to error, differences, and/or distances between the physical state metadata 240 and “healthy” physical behaviors and/or proportional to error, differences, and/or distances between the physical state metadata 240 and “unhealthy” physical behaviors (as indicated by the state parameters 183 N).
- the RS agent 110 may be configured to maintain cyber health metadata 182 (and cyber health metrics 282 ) pertaining to the control system 101 (and/or respective cyber regions thereof).
- the RS agent 110 may be configured to determine and/or maintain a plurality of cyber health metadata 182 A-N (and corresponding cyber health metrics 282 ), including cyber health metadata 182 A-E pertaining to the health of cyber regions comprising respective cyber nodes 124 A-E of CPCE 105 A (and corresponding cyber state metadata 220 A-E), cyber health metadata 182 F-H pertaining to the health of cyber regions corresponding to respective cyber paths 126 of CPCE 105 A (and corresponding cyber state metadata 220 A-C, 220 A-D, and 220 A-E, respectively), and a cyber health metadata 182 L pertaining to the health of the cyber section 129 of CPCE 105 A (and corresponding cyber state metadata 220 A-E).
- the RS agent 110 may be further configured to determine cyber health metadata 182 N pertaining to
- the RS agent 110 may be further configured to maintain physical health metadata 184 (and physical health metrics 284 ) pertaining to the control system 101 (e.g., respective physical control regions thereof).
- FIG. 4 illustrates embodiments of physical health metadata 184 pertaining to CPCE 105 A, including: physical health metadata 184 A-E pertaining to sensor devices 144 A-B and actuator devices 146 A-B, respectively (and corresponding physical state metadata 240 A-D); physical health metadata 184 E pertaining to the controller 132 (and corresponding physical state metadata 240 E); physical health metadata 184 F pertaining to the health of physical components 140 of CPCE 105 A (e.g., sensor and actuator devices 144 A-B/ 146 A-B, and corresponding physical state metadata 240 A-D); and physical state metadata 184 G pertaining to physical control section 149 A (e.g., the controller 132 , sensor devices 144 A-B, actuator devices 146 A-B, PPV 155 A, and corresponding physical state metadata 240 A-E).
- the RS agent 110 may be further configured to implement mitigation operations based on and/or in response to the error metrics 175 , the determined cyber-physical health metadata 180 , cyber health metadata 182 , cyber health metrics 282 , physical health metadata 184 , physical health metrics 284 , and/or the like.
- the mitigation operations may include, but are not limited to: providing access to the cyber-physical state of the control system 101 (and/or respective regions thereof), providing access to the cyber state metadata 220 (and/or respective portions thereof), providing access to the physical state metadata 240 (and/or respective portions thereof), providing access to the error metrics 175 determined by the RS agent 110 , providing access to the cyber-physical health metadata 180 determined by the RS agent 110 (and/or respective portions thereof), providing access to cyber health metadata 182 and/or cyber health metrics 282 determined by the RS agent 110 , providing access to physical health metadata 184 and/or physical health metrics 284 determined by the RS agent 110 , and/or the like.
- Providing access may comprise generating notifications pertaining to one or more of the: cyber-physical state of the control system 101 , cyber-physical state metadata 111 , cyber state metadata 220 , physical state metadata 240 , cyber-physical health metadata 180 , cyber health metadata 182 , cyber health metrics 282 , physical health metadata 184 , physical health metrics 284 , and/or the like.
- Generating notifications may comprise sending notifications to one or more users and/or end-points within the CS network 122 and/or one or more external networks (e.g., computing devices, RTU, HMI devices, automation controllers 134 , and/or the like).
- the mitigation operations may comprise generating notifications in response to error metrics 175 that exceed one or more error thresholds. Generating notifications pertaining to an error metric 175 that exceeds a determined error threshold and/or an anomalous error metric 175 , may comprise generating a notification identifying the error metric 175 , a CPCE 105 associated with the error metric 175 , the cyber-physical component(s) 102 identified as the cause and/or source of the error metric 175 , cyber-physical components 102 identified as potential causes and/or sources of the error metric 175 (and/or respective weights assigned thereof), and/or the like.
- Generating notifications pertaining to a cyber and/or physical confidence metric may comprise generating a notification identifying the confidence metric, a CPCE 105 associated with the confidence metric, cyber-physical state metadata 111 corresponding to the confidence metric, cyber-physical components 102 associated with the cyber-physical state metadata 111 , and/or the like.
- the mitigation operations may comprise generating notifications in response to cyber health metadata 182 , cyber health parameters 181 , and/or cyber health metrics 282 failing to satisfy one or more cyber health thresholds.
- the mitigation operations may comprise generating notifications in response to determining that the cyber state of the control system 101 (and/or a region thereof) corresponds to particular cyber behaviors (e.g., “healthy” cyber behavior, “unhealthy” cyber behavior, or the like as indicated by state metrics 181 N of the cyber health metadata 184 , as disclosed herein).
- Generating notifications pertaining to cyber health metrics 282 may comprise generating a notification identifying the cyber health metrics 282 , a cyber region corresponding to the cyber health metrics 282 (e.g., cyber components 120 , cyber nodes 124 , CPCE 105 , and/or the like), cyber behavior associated with the cyber health metrics 282 (e.g., “healthy” or “unhealthy” cyber behavior corresponding to the cyber health metrics 282 ), and/or the like.
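The cyber health metadata described above (error parameters as a distribution plus an age, a confidence parameter derived from them, a health metric that falls with error and rises with confidence, and a notification naming the region when a threshold is not met) can be worked through per region as below. This is an added example, not code from the patent; the decay and health formulas, the half-life, the threshold and all sample values are assumptions, and region names reuse the page's reference numerals only as labels.

```python
"""Added illustration of per-region cyber health metadata; values are constructed."""
from dataclasses import dataclass
from statistics import mean, pvariance


@dataclass(frozen=True)
class KeyResult:
    """Error metric of one state key and the cyber nodes it passed through."""
    covered: frozenset   # cyber nodes on the path the key travelled
    error: float         # normalised error metric, 0.0 (none) to 1.0
    acquired: float      # acquisition time in seconds


def error_parameters(region, results, now):
    """Distribution and age of the error metrics of keys that cover `region`."""
    hits = [r for r in results if region <= r.covered]
    if not hits:
        return None
    errors = [r.error for r in hits]
    return {
        "mean": mean(errors), "min": min(errors), "max": max(errors),
        "variance": pvariance(errors),
        "age": now - max(r.acquired for r in hits),
    }


def confidence(params, half_life=300.0):
    """Assumed model: falls with mean error, halves per half_life of staleness."""
    return (1.0 - params["mean"]) * 0.5 ** (params["age"] / half_life)


def health_metric(params, conf):
    """Assumed form: proportional to confidence, inversely related to error."""
    return conf / (1.0 + params["mean"])


def evaluate(regions, results, now, threshold=0.5):
    """Return ({region: health}, [notification, ...]) for regions below threshold."""
    health, notifications = {}, []
    for name, members in regions.items():
        params = error_parameters(members, results, now)
        if params is None:
            notifications.append({"region": name, "health": None,
                                  "reason": "no state key covers this region"})
            continue
        conf = confidence(params)
        health[name] = health_metric(params, conf)
        if health[name] < threshold:
            notifications.append({"region": name, "health": health[name],
                                  "confidence": conf, "error_parameters": params})
    return health, notifications


# Constructed sample data: four state keys over three cyber paths.
NOW = 1010.0
RESULTS = [
    KeyResult(frozenset({"124A", "124B", "124C"}), 0.04, 1000.0),
    KeyResult(frozenset({"124A", "124B", "124D"}), 0.60, 1000.0),
    KeyResult(frozenset({"124A", "124B", "124D"}), 0.80, 1010.0),
    KeyResult(frozenset({"124A", "124B", "124E"}), 0.02, 0.0),   # stale
]
REGIONS = {
    "cyber_node_124C": frozenset({"124C"}),
    "cyber_node_124D": frozenset({"124D"}),
    "cyber_node_124E": frozenset({"124E"}),
    "cyber_path_124A_124B_124D": frozenset({"124A", "124B", "124D"}),
}

if __name__ == "__main__":
    health, notes = evaluate(REGIONS, RESULTS, NOW)
    for note in notes:
        print(note["region"], round(note["health"], 3))
```

Node 124E is reported even though its only error metric is low, because that metric is old and the assumed confidence model discounts it; this is the role the age field plays among the error parameters.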
- the mitigation operations may comprise generating notifications in response to physical health metadata 184 , physical health parameters 181 , and/or physical health metrics 284 failing to satisfy one or more physical health thresholds.
- the mitigation operations may comprise generating notifications in response to determining that the physical state of the control system 101 (and/or a region thereof) corresponds to particular physical behaviors (e.g., “healthy” physical behavior, “unhealthy” physical behavior, or the like as indicated by state metrics 181 N of the physical health metadata 184 , as disclosed herein).
- Generating notifications pertaining to physical health metrics 284 may comprise generating a notification identifying the physical health metrics 284 , a physical control region corresponding to the physical health metrics 284 (e.g., computational components 130 , physical components 140 , CPCE 105 , and/or the like), physical behavior associated with the physical health metrics 284 (e.g., “healthy” or “unhealthy” physical behavior corresponding to the physical health metrics 284 ), and/or the like.
- the mitigation operations may comprise operations to modify CPCE 105 , CPC paths 108 , respective cyber-physical components 102 , and/or the like.
- the mitigation operations may comprise modifying CPCE 105 associated with high error metrics 175 , anomalies, poor cyber health metrics 282 , poor physical health metrics 284 , “unhealthy” cyber behavior, “unhealthy” physical behavior, and/or the like.
- the mitigation operations may comprise slowing control function(s) of respective CPCE 105 , halting control function(s) of the CPCE 105 , modifying the control function(s) of the CPCE 105 (e.g., implementing a “safe mode” of the CPCE 105 ), isolating the CPCE 105 from other CPCE 105 of the control system 101 , isolating cyber-physical components 102 of the CPCE 105 from other cyber-physical components 102 of the control system 101 , and/or the like.
- the RS agent 110 may implement mitigation operations in accordance with the security policy 211 .
- the security policy 211 may be maintained within memory and/or storage resources of the RS agent 110 (e.g., in volatile memory, non-volatile memory, non-transitory storage, and/or the like). Alternatively, or in addition, the RS agent 110 may be communicatively coupled to the security policy 211 maintained within memory and/or storage resources of another cyber-physical component 102 of the control system 101 .
- the security policy 211 may define triggers for respective mitigation operations, as disclosed herein (e.g., may define error thresholds, health thresholds, confidence thresholds, and/or the like).
- the security policy 211 may further comprise information pertaining to notifications (e.g., specify contents of the notifications, recipients and/or end points for the notifications, and/or the like).
- the security policy 211 may further define mitigation operations to implement in response to particular error metrics 211 , health metrics, confidence metrics, and/or the like.
- the security policy 211 may specify modifications to respective CPCE 105 , control functions, the cyber-physical topology 115 (to isolate respective CPCE 105 and/or cyber-physical components 102 ), and/or the like.
- FIG. 5A is a schematic block diagram of another embodiment of a cyber-physical system 100 comprising a resilient security agent 110 , as disclosed herein.
- the cyber-physical system 100 comprises a control system 101 , as disclosed herein.
- the control system 101 of the FIG. 5A embodiment may comprise a plurality of CPCE 105 A-N, each CPCE 105 A-N comprising respective computational components 130 (e.g., respective controllers 132 A-N) configured to implement a control function pertaining to respective PPV 155 A-N (e.g., respective physical processes 150 A-N) by use of respective physical components 140 A-N (e.g., respective sensor and actuator devices 144 A-N/ 146 A-N).
- FIG. 5B is a schematic diagram of data structures configured to represent and/or correspond to a cyber-physical topology 115 of the control system 101 .
- the controllers 132 A-N may comprise and/or correspond to respective cyber nodes 124 A-N.
- the controllers 132 A-N may be coupled to physical components 140 through cyber nodes 124 O and 124 P, respectively.
- the physical components 140 A-N may be operatively coupled to PPV 155 A-N of respective CPCE 105 A-N (sensor and actuator devices 144 A-N/ 146 A-N may be operatively coupled to physical processes 150 A-N of CPCE 105 A-N, respectively).
- the cyber-physical topology 115 may further comprise information pertaining to respective CPCE 105 A-N, including information pertaining to the physical control sections 149 A-N and/or cyber sections 129 A-N, thereof, as disclosed herein.
- the physical control sections 149 A-N may identify: the computational components 130 configured to implement control functions of the respective CPCE 105 A-N (e.g., controllers 132 A-N), and the physical components 140 by which the control functions are realized (e.g., actuator devices 146 A-N and sensor devices 144 A-N, respectively).
- the cyber sections 129 A-N comprise information pertaining to cyber paths 126 between respective controllers 132 A-N and the physical components 140 A-N thereof (e.g., cyber paths coupling each controller 132 A-N to respective actuator devices 146 A-N and sensor devices 144 A-N).
- FIG. 5B further illustrates embodiments of cyber-physical state metadata 111 configured to, inter alia, comprise, define, and/or characterize a cyber-physical state of the control system 101 , as disclosed herein.
- the cyber-physical state metadata 111 may comprise cyber state metadata 220 and/or physical state metadata 240 , as disclosed herein.
- the cyber state metadata 220 may be configured to comprise, define, and/or characterize respective regions of the control system 101 (e.g., respective cyber-physical components 102 , cyber nodes 124 , cyber paths 126 , CPCE 105 , CPC paths 108 , and/or the like).
- the cyber-physical state metadata 111 may comprise: cyber state metadata 220 A-N, and cyber state metadata 220 N-P, which may comprise cyber state parameters 222 configured to characterize the state of respective cyber nodes 124 A-P, as disclosed herein (individual cyber state parameters 222 not shown in FIG. 5B to avoid obscuring details of the illustrated embodiments).
- the cyber state metadata 220 may comprise physical state metadata 220 Z configured to characterize a cyber state of the cyber-physical system 100 (e.g., may correspond to a cyber state of the CS network 122 and/or the cyber nodes 124 coupled thereto).
- the cyber-physical state metadata 111 may further comprise: physical state metadata 240 AA-ND, which may comprise physical state parameters 242 configured to characterize the physical state of respective actuator devices 146 A-N, sensor devices 144 A-N, and/or controllers 132 A-N, as disclosed herein (individual physical state parameters 242 not shown in FIG. 5B to avoid obscuring details of the illustrated embodiments).
- the physical state metadata 240 may comprise an entry 240 ZZ configured to characterize a physical state of the control system 101 (e.g., may correspond to a physical state of the computational and/or physical components 130 / 140 of the control system 101 ).
- FIG. 5B further illustrates embodiments of a signature schema 116 , which may comprise and/or define CPSS 118 pertaining to respective regions of the control system 101 (e.g., respective cyber regions, physical control regions, and/or the like).
- the signature schema 116 may define cyber state signatures 228 A-P, which may characterize a state of cyber communication at respective cyber nodes 124 A-P, and may be derived from respective cyber state metadata 220 A-P, as disclosed herein.
- the signature schema 116 may further define cyber signatures 228 Q-S, which may be configured to characterize a cyber state of respective cyber sections 129 A-N of CPCE 105 A-N (may be derived from cyber state metadata 220 characterizing the cyber state of cyber nodes 124 included in the respective cyber sections 129 A-N).
- the signature schema 116 may comprise a cyber state signature 228 Z, which may be configured to characterize a cyber state of the cyber-physical system 100 .
- the signature schema 116 may further define physical state signatures 248 AA-AC, which may be configured to characterize portions of the physical control section 149 A of CPCE 105 A (e.g., characterize a physical state of the actuator device 146 A, sensor device 144 A, and controller 132 A, respectively).
- the signature schema 116 may further define a physical state signature 248 AD, which may be configured to characterize a state of the physical control section 149 A of CPCE 105 A, as disclosed herein.
- the signature schema 116 may define similar physical state signatures 248 BA-BN through 248 NA-ND, which may be configured to characterize a physical state of respective physical control sections 149 B-N of CPCE 105 B-N.
- the signature schema 116 may define a physical state signature 240 ZZ, which may be configured to characterize a physical state of the control system 101 .
- the control system 101 may comprise an RS agent 110 , as disclosed herein.
- the RS agent 110 may comprise and/or be communicatively coupled to cyber-physical state metadata 111 , as disclosed herein.
- the RS agent 110 may be configured for operation on an automation controller 134 , which may be communicatively coupled to the controllers 132 A-N of respective CPCE 105 A-N.
- the automation controller 134 may be configured to control and/or manage the CPCE 105 A-N, as disclosed herein (e.g., may configure the controllers 132 A-N to implement one or more higher-level functions pertaining to the physical processes 150 A-N).
- the signature schema 116 may further comprise and/or correspond to cyber-physical health metadata 180 determined by the RS agent 110 .
- the RS agent 110 may be configured to maintain cyber-physical health metadata 180 corresponding to respective cyber and/or physical regions of the control system 101 (e.g., at a same and/or similar granularity as the signature schema 116 ).
- the disclosure is not limited in this regard, however, and may be adapted to maintain cyber and/or physical health metadata 182 / 184 in any suitable data structure and/or at any suitable level of granularity.
- the granularity at which the cyber-physical health metadata 180 are maintained may correspond to, inter alia, the cyber-physical topology 115 (may correspond to a granularity at which the RS agent 110 is capable of assigning error metrics 175 to respective cyber-physical components 102 , as disclosed herein).
- the RS agent 110 may comprise a security module 510 , which may be configured to, inter alia, communicate state keys 160 through selected CPCE 105 A-N of the control system 101 , determine error metrics 175 corresponding to communication of the respective state keys 160 , and/or determine cyber-physical health metadata 180 for the control system 101 based on, inter alia, the determined error metrics 175 , as disclosed herein.
- the RS agent 110 may further comprise a key module 512 configured to generate state keys 160 , a parse module 514 configured to parse state keys 160 into respective state key fragments 161 A-N, a communication module 516 configured to communicate the state key fragments 161 A-N through selected regions of the control system 101 , and a reconstruction module 514 configured to generate validation keys 170 corresponding to the state keys 160 by use of validation data 171 A-N acquired in response to communication of the fragments 161 A-N thereof.
- the RS agent 110 may comprise, be embodied by, and/or be coupled to computing resources 201 , which may include, but are not limited to: processing resources 202 , storage resources 204 , cyber communication resources 206 , and/or the like, as disclosed herein. Portions of the RS agent 110 (e.g., one or more of the modules 510 , 512 , 514 , 516 , 518 , and/or portion(s) thereof) may be embodied by the computing resources 201 (e.g., may comprise and/or be embodied by hardware components of the computing resources 201 , such as one or more processors, programmable logic, and/or the like).
- one or more of the modules 510 , 512 , 514 , 516 , and/or 518 of the RS agent 110 may be embodied as computer-readable instructions 205 stored within the non-transitory storage resources 206 , as disclosed herein.
- the security module 510 may be configured to communicate state keys 160 in accordance with a security policy 211 .
- the security policy 211 may comprise and/or specify any suitable information pertaining to operation of the RS agent 110 including, but not limited to: a rate at which state keys 160 are communicated through the control system 101 (e.g., a frequency, period, and/or the like), thresholds (e.g., error thresholds, key error thresholds, fragment error thresholds, health thresholds, confidence thresholds, and/or the like), a mitigation policy, and/or the like.
- the security policy 211 may comprise and/or correspond to a coverage schema 511 .
- the coverage schema 511 may comprise a scheme for coverage of the control system 101 (and/or respective portions thereof) by respective state keys 160 and/or the CPKD 162 of the respective state keys 160 .
- the coverage schema 511 may define criteria for selecting the regions through which respective state keys 160 (and/or the fragments 161 A-N thereof) are to be communicated.
- the coverage schema 511 may further define criteria by which regions of the control system 101 to be covered by CPKD 162 of the respective state keys 160 may be selected (e.g., a configuration of CPSS 118 and/or cyber-physical state parameters 112 from which to derive the CPKD 162 of respective state keys 160 ).
- the coverage schema 511 may further comprise a schema for parsing state keys 160 into respective fragments 161 A-N, communicating the state key fragments 161 A-N and/or corresponding validation data 171 A-N through selected CPC paths 108 , reconstructing the validation data 171 A-N to form respective validation keys 170 , and so on.
- the security module 510 may adapt the coverage schema 511 in accordance with a cyber-physical state of the control system 101 , error metrics 175 of respective state keys 160 , and/or the like.
- the security module 510 may be configured to, inter alia, adapt the coverage schema 511 in accordance with an isolation scheme, as disclosed herein (e.g., to implement a cyber-physical isolation scheme).
- the security module 510 may be configured to adapt the coverage schema 511 to determine and/or refine potential causes of high error metrics, determine anomaly weights for respective regions of the control system 101 (e.g., respective cyber-physical components 102 ), characterize a cyber-physical health of selected regions of the control system 101 , determine error weights for respective regions of the control system 101 (e.g., respective cyber-physical components 102 ), and/or the like, as disclosed herein.
- the key module 512 may be configured to generate state keys 160 (e.g., may comprise a state key generator, as disclosed herein).
- the key module 512 may be configured to generate state keys 160 configured to cover selected regions of the control system 101 (e.g., state keys 160 configured for communication through CPC paths 108 of the selected regions).
- the key module 512 may be further configured to generate state keys 160 comprising CPKD 160 configured to cover selected regions of the control system 101 (e.g., CPKD 162 comprising cyber key data and/or physical key data configured to cover selected regions of the control system 101 ).
- the key module 512 may be configured to generate state keys 160 in response to commands from the security module 510 , which may be configured to specify regions to be covered by the state keys 160 and/or specify CPKD 162 to include in the state keys 160 (e.g., cyber-physical state parameters 112 , CPSS 118 , and/or the like).
- the parse module 514 may be configured to parse state keys 160 into a plurality of fragments 161 A-N, as disclosed herein.
- the parse module 514 may be configured to parse the state keys 160 , such that the fragments 161 A-N thereof pertain to corresponding CPKD fragments 163 A-N.
- the parse module 514 may be configured to parse the state keys 160 in accordance with the cyber-physical state metadata 111 , cyber-physical topology 115 and/or signature schema 116 for the control system 101 (e.g., in accordance with a parsing schema 117 , as disclosed herein).
- the communication module 516 may be configured to monitor and/or cover selected regions of the control system 101 , which may comprise communicating state keys 160 (and/or fragments 161 A-N thereof) through the selected regions of the control system 101 .
- the communication module 516 may be configured to communicate state keys 160 through CPCE 105 and/or CPC paths 108 specified by the security module 510 .
- the security module 510 may select CPCE 105 and/or CPC paths 108 for communication of respective state keys 160 and/or state key fragments 161 A-N in accordance with a key scheme, which may comprise selection criteria by which the security module 510 may select CPCE 105 and/or CPC paths 108 .
- the selection criteria may comprise a weighted criterion, in which CPCE 105 A-N are assigned respective weights (w_i comprising the weight assigned to the ith CPCE 105 of CPCE 105 A-N).
- the security module 510 may be configured to select CPCE 105 A-N in accordance with the weights assigned thereto (e.g., in a weighted selection, weighted round-robin selection, and/or the like).
- the security module 510 may be further configured to determine weights for respective CPCE 105 A-N based on one or more weighting factors. In some embodiments, the security module 510 may be configured to assign weights to respective CPCE 105 A-N, as follows:
- W_i is the weight assigned to the ith CPCE 105 of CPCE 105 A-N
- W_pri,i may be a weighting factor assigned to the CPCE 105 , which may correspond to a relative priority for monitoring of the CPCE 105 compared to others of the CPCE 105 A-N
- W_err may be a weighting and/or scaling factor applied to error metrics 175 and/or error parameters 181 A/ 183 A of the CPCE 105 (e_i), such that CPCE 105 having higher error metrics 175 and/or error parameters 181 A/ 183 A are monitored more frequently than other CPCE 105 .
- W_err_age may be a weighting and/or scaling factor applied to an error age parameter (err_age_i), which may correspond to an age of the error metrics 175 (and/or error parameters 181 A/ 183 A) of the CPCE 105 (e.g., a time elapsed since a state key 160 and/or state key fragment 161 was last communicated through the CPCE 105 ), such that CPCE 105 having higher error age parameters are more likely to be selected than other CPCE 105 .
- the security module 510 may be configured to select CPCE 105 and/or CPC paths 108 in accordance with an isolation scheme, as disclosed herein.
- the security module 510 may be configured to adapt communication of a sequence of state keys 160 (and/or fragments 161 A-N thereof) such that resulting error metrics 175 may be attributed to particular cyber and/or physical regions of the control system 101 (e.g., to determine a cause and/or source of high error metrics 175 , as disclosed herein).
- the communication module 516 may be configured to transmit state key fragments 161 A-N through CPCE 105 and/or CPC paths 108 selected by the security module 510 , as disclosed herein. Communication of a state key fragment 161 through a CPC path 108 may comprise transmitting the fragment 161 to a selected correlator 166 (e.g., an actuator device 146 ), and receiving corresponding validation data 171 from a receiver 168 (e.g., a sensor device 144 ).
- Communication through a CPC path 108 may comprise communication of validation data 171 corresponding to the state key fragment 161 through a physical control coupling 148 that comprises and/or corresponds to the PPV 155 of the selected CPCE 105 (e.g., a particular physical process 150 ), as disclosed herein.
- the communication module 516 may be further configured to acquire validation data 171 A-N corresponding to each state key fragment 161 A-N, validate message(s) comprising the validation data 171 A-N, determine a latency of the validation data 171 A-N, synchronize the validation data 171 A-N, associate the validation data 171 A-N with the state key 160 and/or corresponding CPKD fragments 163 A-N thereof, and/or the like, as disclosed herein.
- the reconstruction module 518 may be configured to generate a validation key 170 , validation CPKD 172 , and/or validation CPKD fragments 173 A-N by use of, inter alia, the acquired validation data 171 A-N.
- the reconstruction module 518 may be configured to generate a cyber-physical reconstruction of the state key 160 (validation key 170 ) from cyber-physical reproductions (validation data 171 A-N) of the respective fragments 161 A-N thereof, as disclosed herein.
- the security module 510 of the RS agent 110 may be further configured to, inter alia, determine error metrics 175 in response to communication of respective state keys 160 , as disclosed herein.
- the error metrics 175 may comprise key errors 176 configured to quantify errors and/or differences between state keys 160 (and/or the CPKD 162 thereof) and corresponding validation keys 170 (and/or the validation CPKD 162 thereof), as disclosed herein.
- the error metrics 175 may comprise fragment errors 177 A-N, which may be configured to quantify errors and/or differences between state key fragments 161 A-N (and/or CPKD fragments 163 A-N thereof) and corresponding validation data 171 A-N (and/or CPKD fragments 163 A-N thereof).
- the security module 510 may be further configured to determine cyber-physical health metadata 180 , including cyber health metadata 182 and/or physical health metadata 184 based on, inter alia, the determined error metrics 175 , as disclosed herein.
- the security module 510 may be further configured to determine, adapt, and/or modify the coverage schema 511 based on, inter alia, error metrics 175 and/or cyber-physical health metadata 180 pertaining to the control system 101 .
- the coverage schema 511 may specify a configuration of state keys 160 generated and/or communicated by the RS agent 110 .
- the coverage schema 511 may define a configuration of one or more subsequent state keys 160 , sequences of state keys 160 , and/or the like.
- the security module 510 may determine the coverage schema 511 in accordance with, inter alia, the error metrics 175 and/or cyber-physical health metadata 180 .
- the security module 510 may be configured to determine a source and/or cause of high error metrics 175 .
- the security module 510 may detect error metrics 175 that exceed one or more thresholds in response to communication of an identified state key 160 (and/or fragments 161 A-N thereof) through particular CPCE 105 A-N. In response, the security module 510 may implement an iterative isolation scheme (e.g., a cyber-physical isolation scheme, as disclosed herein). Each iteration of the isolation scheme may comprise the security module 510 configuring a subsequent state key 160 , such that the subsequent state key 160 correlates and/or relates to the identified state key 160 .
- a state key 160 that correlates and/or relates to a particular state key 160 refers to a state key 160 configured for communication through the same CPCE 105 A-N as the particular state key 160 and/or through related CPC paths 108 as the particular state key 160 .
- the security module 510 may configure the subsequent state key 160 to correspond to the identified state key 160 (by use of the coverage schema 511 ), such that the subsequent state key 160 (and/or fragments 161 A-N thereof) is configured for communication through the particular CPCE 105 A-N and/or CPC paths 108 corresponding to the identified CPC paths 108 .
- the security module 510 may further configure the subsequent state key 160 for communication through CPC paths 108 that differ from the identified CPC paths 108 (and/or CPC paths 108 of one or more previous iterations) with respect to inclusion/exclusion of particular cyber-physical components 102 .
- the iterative isolation scheme may comprise identifying a group of cyber-physical components 102 that are potential causes of the high error metrics 175 , which may comprise determining cyber-physical components 102 comprising the particular CPCE 105 A-N.
- Each iteration of the isolation scheme may comprise configuring a state key 160 for communication through the particular CPCE 105 A-N via a CPC path 108 that includes and/or excludes one or more of the cyber-physical components of the group, evaluating error metrics 175 of the subsequent state key 160 , and either removing or retaining respective cyber-physical components 102 within the group based on, inter alia, evaluation of the error metrics 175 (and/or weighting respective cyber-physical components 102 of the group), as disclosed herein.
- the security module 510 may continue the iterative isolation scheme until the source of the high error metric is determined, no further refinement of the source of the error is possible, and/or other termination criteria have been satisfied.
- the security module 510 may update the cyber-physical health metadata 180 and/or implement one or more mitigation operations, as disclosed herein.
- the security module 510 may use the coverage schema 511 to generate an isolation sequence (e.g., a sequence of overlapping state keys 160 , as disclosed herein).
- the isolation sequence may be configured, such that differences in the error metrics 175 of respective overlapping state keys 160 thereof may be attributed to particular regions of the control system 101 (e.g., particular cyber-physical components 102 , cyber nodes 124 , cyber paths 126 , CPCE 105 , CPC paths 108 , CPCE sections 109 , and/or the like, as disclosed herein).
- Implementing an isolation sequence may comprise the security module 510 iteratively communicating overlapping state keys 160 through respective isolation CPC paths 108 , evaluating the resulting error metrics 175 , and attributing differences in the error metrics 175 to particular regions of the control system 101 , as disclosed herein.
- the security module 510 may continue iteratively communicating overlapping state keys 160 until error metrics 175 are attributed to respective regions thereof at a designated level of granularity, no further refinement is possible, and/or other termination criteria are satisfied.
- Implementing an isolation sequence may further comprise the security module 510 updating the cyber-physical health metadata 180 in accordance with the error metrics 175 attributed to the respective regions of the control system 101 , as disclosed herein.
- the following is an exemplary isolation sequence comprising state keys 160 A-N configured for communication through an overlap region comprising CPCE 105 A-N (e.g., overlapping state keys 160 A-N).
- 126 | 170B | 176B
- 161BA | 124A, O | 146A 150A 144A | 124O, A | 171BA: {105A} | 177BA
- 161BN | 124N, P | 146N 150N 144N | 124P, N | 171BN: {105N} | 177BN
- 160C | {105B, N} | 175C
- Fragments | In. 126 | 148 | Ret. 126 | 170C: | 176C
- 161CA | 124B, O | 146B 150B 144B | 124O, B | 171CA: {105B} | 177CA
- 161CN | 124N, P | 146N 150N 144N | 124P, N | 171CN: {105N} | 177CN
- fragments 161 AA-AN of state key 160 A may be configured for communication through CPCE 105 A and 105 N, respectively; fragments 161 BA-BN of state key 160 B may be configured for communication through CPCE 105 A and 105 N, respectively; and so on, with fragments 161 CA-CN of state key 160 C being communicated through CPCE 105 B and 105 N, respectively.
- the resulting error metrics 175 A-C may comprise key errors 176 A-C, which may indicate error between state keys 160 A-N and corresponding validation keys 170 A-C, and fragment errors 177 AA-CN, which may indicate error between state key fragments 161 AA-CN and corresponding validation data 171 AA-CN.
- the security module 510 may be configured to evaluate the error metrics 175 A-N in order to, inter alia, attribute differences therebetween to respective regions of the control system 101 , as disclosed herein. In one embodiment, the security module 510 may evaluate key errors 175 A-C in order to, inter alia, attribute differences to particular CPCE 105 A-N.
- key error 176 C may be significantly lower than key errors 176 A and/or 176 B, which may be substantially the same (e.g., key error 176 C may be lower than 176 A and 176 B by ΔE).
- the security module 510 may determine that the cause of ΔE is CPCE 105 A (since the higher key errors 176 A and 176 C both include error introduced by CPCE 105 C, which is excluded from key error 176 C).
- the security module 510 may also exclude cyber node 124 O as a potential cause of the increased error since, inter alia, cyber node 124 O is also included in the lower key error 176 C.
- the security module 510 may, therefore, refine the error region and/or error group to components 132 A, 144 A, and/or 146 A.
- the security module 510 may determine that further refinement is not possible without creation of an alternative physical control coupling 148 for physical process 150 A (e.g., a physical control coupling 148 that includes/excludes one or more of the actuator device 146 A and/or sensor device 144 A).
- the security module 510 may be further configured to verify that ΔE is attributable to CPCE 105 A by, inter alia, adapting one or more subsequent state keys 160 to include and/or exclude CPCE 105 A (and/or the physical control region thereof), and evaluating the resulting error metrics 175 , as disclosed herein.
- a difference between key errors 176 A and 176 B may correspond to a difference between E{105 B} and E{105 N} (ΔBN)
- the difference between key errors 176 B and 176 C may correspond to a difference between E{105 A} and E{105 B} (ΔAB)
- a difference between key errors 176 A and 176 C may correspond to a difference between E{105 A} and E{105 N} (ΔBN).
- the security module 510 may attribute the determined differences to respective CPCE 105 A-N and/or adapt subsequent state keys 160 to verify and/or further refine the determined differences, as disclosed herein.
- the security module 510 may be further configured to attribute differences between fragment errors 177 AA-CN to respective regions of the control system 101 and/or adapt subsequent state keys 160 to verify and/or further refine the determined differences, as disclosed herein.
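The attribution reasoning above can be written as set arithmetic over which components each state key was routed through. The following is an added example, not code from the patent: the function names, the coverage sets and the error values are constructed for illustration, and only the component labels come from the text.

```python
# Added illustration: differential attribution of state-key error.
# COVERAGE and KEY_ERRORS are constructed sample data, not values from the patent.

COVERAGE = {
    "160A": {"CPCE 105A", "CPCE 105B", "cyber node 1240"},
    "160B": {"CPCE 105A", "CPCE 105N", "cyber node 1240"},
    "160C": {"CPCE 105B", "CPCE 105N", "cyber node 1240"},
}
KEY_ERRORS = {"160A": 0.31, "160B": 0.30, "160C": 0.08}


def attribute_key_error(coverage, key_errors, min_gap):
    """Attribute elevated key error to components.

    coverage:   state key id -> set of components the key passed through
    key_errors: state key id -> error metric measured for that key
    min_gap:    how far above the lowest key error a key must be to count as high

    A component is cleared if it appears in any low-error key. A component is
    a suspect if it appears in every high-error key and in no low-error key.
    """
    if not key_errors or set(coverage) != set(key_errors):
        raise ValueError("coverage and key_errors must list the same state keys")
    if min_gap < 0:
        raise ValueError("min_gap must be non-negative")

    floor = min(key_errors.values())
    high = {k for k, e in key_errors.items() if e - floor > min_gap}
    low = set(key_errors) - high  # never empty: the lowest-error key is always low
    cleared = set().union(*(coverage[k] for k in low))
    if not high:
        return {"suspects": set(), "cleared": cleared, "gap": 0.0}

    in_every_high = set.intersection(*(set(coverage[k]) for k in high))
    gap = min(key_errors[k] for k in high) - max(key_errors[k] for k in low)
    return {"suspects": in_every_high - cleared, "cleared": cleared, "gap": gap}


def follow_up_coverages(suspects, cleared):
    """Coverage sets for subsequent state keys that verify each suspect.

    For every suspect, one key includes it alongside cleared components and
    one key excludes it; the attribution holds if only the first shows the gap.
    """
    return {
        s: {"include": set(cleared) | {s}, "exclude": set(cleared)}
        for s in sorted(suspects)
    }


if __name__ == "__main__":
    result = attribute_key_error(COVERAGE, KEY_ERRORS, min_gap=0.1)
    print(result)
    print(follow_up_coverages(result["suspects"], result["cleared"]))
```

A component that appears in every key, such as the shared cyber node here, can only be cleared, never isolated, which is why further refinement needs a key with different coverage.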
- the security module 510 may configure one or more subsequent state keys 160 D-F for communication through respective CPCE 105 of CPCE 105 A-N, as follows:
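
| State key | Fragments | In. 126 | 148 | Ret. 126 | 170: 176 |
| --- | --- | --- | --- | --- | --- |
| 160E (170E: 176E) | 161EA | 124B, O | 146B, 150B, 144B | 124P, B | 171EA: {105B}; 177EA |
| 160E (170E: 176E) | 161EN | 124B, O | 146B, 150B, 144B | 124P, B | 171EN: {105B}; 177EN |
| 160F {105B, N} 175F (170F: 176F) | 161FA | 124N, P | 146N, 150N, 144N | 124P, N | 171FA: {105N}; 177FA |
| 160F {105B, N} 175F (170F: 176F) | 161FN | 124N, P | 146N, 150N, 144N | 124P, N | 171FN: {105N}; 177FN |
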
- fragments 161 DA-FN of state keys 160 D-F may be communicated through same and/or similar CPC paths 108 through respective CPCE 105 A-N. Accordingly, the resulting key errors 170 F-E may correspond to communication error through the respective CPCE 105 A-N and differences between key errors 170 F-E and key errors 170 A-C may be attributable to respective CPCE 105 A-N, as disclosed herein. Moreover, differences in fragment errors 177 DA-DN, 177 EA-EN, and/or 177 FA-FN of the respective state keys 160 D-F may be attributable to individual cyber-physical components 102 of the CPCE 105 A-N, as disclosed herein.
- the security engine 510 may be further configured to determine cyber-physical state confidence (CPSC) metrics 575 , which may be configured to, inter alia, quantify a confidence in the accuracy of the cyber-physical state metadata 111 (and/or respective portions thereof).
- the CPSC metrics 575 may be based on, inter alia, error metrics 175 determined for respective state keys 160 .
- the error metrics 175 may quantify a degree to which CPKD 162 is modified during communication through respective CPC paths 108 .
- the error metrics 175 may, therefore, indicate the likelihood that cyber and/or physical state information acquired from cyber-physical components 102 of respective CPC paths 108 is accurate (e.g., accurately represents the actual, current cyber and/or physical state of the control system 101 and/or respective regions thereof).
- the security engine 510 may determine CPSC metrics 575 to be inversely proportional to the error metrics 175 .
- the security engine 510 may determine CPSC metrics 575 for respective portions of the cyber-physical state metadata 111 .
- the security engine 510 may determine CPSC metrics 575 for regions of the control system 101 based on, inter alia, error metrics 175 of state keys 160 covering the respective regions.
- the security engine 510 may determine CPSC metrics 575 for cyber regions of the control system 101 (e.g., cyber state metadata 220 configured to characterize a state of respective cyber components 120 , cyber nodes 124 , cyber paths 126 , and/or the like) based on, inter alia, error metrics 175 corresponding to communication of respective state key fragments 161 (and/or corresponding validation data 171 ) by, across, and/or through the respective cyber regions.
- the security engine 510 may determine CPSC metrics 575 for physical control regions of the control system 101 (e.g., physical state metadata 240 configured to characterize a state of respective computational component 130 , physical components 140 , physical control couplings 148 , PPV 155 , and/or the like) based on, inter alia, error metrics 175 corresponding to communication of respective state key fragments 161 (and/or corresponding validation data 171 ) by, across, and/or through the respective physical control regions.
- the security module 510 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof), which may be based on error metrics 175 determined for respective state keys 160 , as disclosed herein.
- the security module 510 may be further configured to incorporate CPSC metrics 575 into the cyber-physical health metadata 180 , which may indicate, inter alia, a confidence that the cyber-physical state metadata 111 accurately represents the cyber-physical state of the control system 101 .
- the security module 510 may be configured to incorporate CPSC metrics 575 into the cyber health metadata 182 , the incorporating comprising indicating a determined confidence that the cyber state metadata 220 accurately represents the cyber state of the control system 101 (and/or respective regions thereof).
- the security module 510 may be further configured to incorporate CPSC metrics 575 into the cyber health metadata 182 , the incorporating comprising indicating a determined confidence that the physical state metadata 240 accurately represents the physical state of the control system 101 (and/or respective regions thereof).
- the security engine 510 may be further configured to evaluate and/or monitor the cyber-physical state metadata 111 (and/or respective portions thereof).
- the security module 510 may be configured to determine cyber state metrics 553 corresponding to evaluation of the cyber state of the control system 101 (as indicated by the cyber state metadata 220 ), and physical state metrics 555 corresponding to evaluation of the physical state of the control system 101 (as indicated by the physical state metadata 240 ).
- Determining the cyber state metrics 553 may comprise the security module 510 applying one or more cyber state evaluation rules to the cyber state metadata 220 .
- a “cyber state evaluation rule” (CSER) refers to criteria and/or computer-readable instructions by which the security module 510 may evaluate specified cyber state characteristics.
- a “cyber state characteristic” may comprise and/or correspond to the cyber state metadata 220 , one or more cyber state parameters 222 , one or more cyber state signatures 228 , portion(s) thereof, and/or the like.
- a CSER may comprise any means for evaluating specified cyber state characteristics including, but not limited to: an expression, a regular expression, a mathematical expression, a logical expression, a comparison, a mathematical comparison, an inequality, linear programming (LP) logic, non-LP logic, and/or the like.
- the cyber state metrics 553 may indicate CSER evaluated by the security module 510 , identify successfully validated CSER, identify CSER evaluation failures (and/or cyber-physical components 102 associated with the CSER evaluation failures), specify scores resulting from evaluation of respective CSER, and/or the like.
- a CSER may specify that the messages-per-sender at specified cyber nodes 124 be lower than one or more thresholds.
- Evaluation of the CSER may comprise comparing cyber state characteristics of the specified cyber nodes 124 to one or more thresholds (e.g., comparing messages-per-sender cyber state parameters 222 of the specified cyber nodes 124 to the thresholds).
- evaluation of the CSER may comprise determining a CSER score corresponding to the messages-per-sender characteristics of the specified cyber nodes 124 .
- the cyber state metrics 553 may indicate whether the specified cyber nodes 124 satisfy the CSER, identify cyber nodes 124 having messages-per-sender cyber state parameters 222 that are near to and/or exceed one or more of the thresholds, and/or specify CSER evaluation scores for the respective cyber nodes 124 .
- determining the physical state metrics 555 may comprise the security module 510 applying one or more physical state evaluation rules.
- a “physical state evaluation rule” (PSER) refers to computer-readable instructions by which the physical state evaluator 1252 may evaluate specified characteristics of the physical state 1202 of the control system 101 (evaluate one or more physical state characteristics).
- a “physical state characteristic” may comprise and/or correspond to the physical state metadata 240 , one or more physical state parameters 242 , one or more physical state signatures 248 , portion(s) thereof, and/or the like.
- a physical state characteristic and/or PSER may correspond to a physical control coupling 148 and/or physical control metadata 249 (e.g., may correspond to a relationship between physical components 140 and one or more PPV 155 as defined in, inter alia, physical control metadata 249 , as disclosed herein).
- a PSER may comprise any means for evaluating specified physical state characteristics, as disclosed herein (e.g., criteria, instructions, expressions, and/or the like).
- the physical state metrics 555 may indicate PSER evaluated by the security module 510 , identify successfully validated PSER, identify PSER evaluation failures (and/or cyber-physical components 102 associated with the PSER evaluation failures), specify scores corresponding to evaluation of respective PSER, and/or the like.
- a PSER may specify that a controller 132 should cause a specified actuator device 146 to open a circuit breaker in response to current measurements acquired by a specified sensor device 144 exceeding a current threshold.
- Evaluating the PSER may comprise determining whether the physical state of the sensor device 144 corresponds to the physical state of the actuator device 146 (and/or vice versa). The evaluating may comprise determining whether current measurements acquired by the sensor device 144 exceed the threshold and, if so, whether the actuator device 146 is configured to open the circuit breaker. Evaluation of the PSER may fail in response to determining that the actuator device 146 failed to open the circuit breaker and/or failed to open the circuit breaker within the threshold time.
- evaluation of the PSER may comprise determining a PSER score corresponding to a time at which the actuator device 146 opened the circuit breaker.
- a PSER may specify that input electrical power to a motor controlled by a specified actuator device 146 (a motor controller), as measured by a first sensor device 144 coupled to a power source (an electrical power meter), should be within an efficiency threshold of an output mechanical power of the electrical motor system, as measured by a second sensor device 144 (a mechanical power meter).
- Evaluating the PSER may comprise determining whether the input electrical power acquired from the first sensor device 144 is within the threshold of the output mechanical power acquired from the second sensor device 144 , and/or whether the acquired actuation state of the actuator device 146 corresponds to the input electrical power and/or output mechanical power reported by the first/second sensor devices 144 .
- the evaluating may comprise determining that the input electrical power reported by the first sensor device 144 corresponds to the actuation state of the actuator device 146 , but that the output mechanical power reported by the second sensor device 144 is lower than the input electrical power by more than the efficiency threshold.
- the security engine 510 may determine that evaluation of the PSER indicates failure and/or compromise of the first sensor device 144 and/or electrical motor.
- evaluation of the PSER may comprise correlating the physical states of the first and second sensor devices 144 (e.g., determining that the input electrical power reported by the first sensor device 144 is within the efficiency threshold of the output mechanical power reported by the second sensor device 144 ), but failing to correlate the physical state of the actuator device 146 (e.g., determining that the actuation state of the actuator device 146 corresponds to an input electrical power and/or output mechanical power different from the physical states of the first and second sensor devices 144 ).
- the security engine 510 may determine that evaluation of the PSER indicates failure and/or compromise of the actuator device 146 .
- the CSER and/or PSER may be maintained within the security policy 211 of the RS agent 110 , as disclosed herein. Although particular examples of CSER and/or PSER are described herein, the disclosure is not limited in this regard and could be adapted to use, define, and/or evaluate any suitable cyber and/or physical state characteristics pertaining to the control system 101 .
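The two PSER examples described above (breaker trip latency and motor power correlation) can be evaluated as follows. This is an added example, not code from the patent: the function names, tolerances and sample readings are constructed, and the components named as suspects follow the attributions stated in the text.

```python
# Added illustration: evaluating two physical state evaluation rules (PSER).
from dataclasses import dataclass


@dataclass(frozen=True)
class PserResult:
    passed: bool
    score: float      # breaker rule: trip latency in seconds; motor rule: loss fraction
    suspects: tuple   # components the failure is attributed to
    reason: str


def rel_diff(a, b):
    """Relative difference between two readings, 0.0 when both are zero."""
    scale = max(abs(a), abs(b))
    return 0.0 if scale == 0 else abs(a - b) / scale


def evaluate_breaker_pser(samples, current_threshold_a, max_latency_s):
    """samples: time-ordered (t_seconds, sensor_current_a, breaker_open) tuples."""
    over_since = None
    for t, current_a, breaker_open in samples:
        if breaker_open:
            if over_since is None:
                continue  # breaker open with no prior overcurrent: nothing to score
            latency = t - over_since
            if latency <= max_latency_s:
                return PserResult(True, latency, (), "breaker opened in time")
            return PserResult(False, latency, ("actuator device 146",), "breaker opened late")
        if over_since is None and current_a > current_threshold_a:
            over_since = t
    if over_since is None:
        return PserResult(True, 0.0, (), "current never exceeded threshold")
    return PserResult(False, float("inf"), ("actuator device 146",), "breaker never opened")


def evaluate_motor_pser(p_elec_w, p_mech_w, p_actuation_w,
                        efficiency_threshold, actuation_tol):
    """Correlate the power meter, the mechanical meter and the actuation state.

    p_actuation_w is the input power implied by the motor controller's
    actuation state (an assumption about how that state is expressed).
    """
    if p_elec_w <= 0:
        raise ValueError("rule applies only while the motor draws power")
    loss = (p_elec_w - p_mech_w) / p_elec_w
    # Output above input is treated as a failed correlation (added check).
    sensors_ok = 0.0 <= loss <= efficiency_threshold
    actuator_ok = rel_diff(p_actuation_w, p_elec_w) <= actuation_tol

    if sensors_ok and actuator_ok:
        return PserResult(True, loss, (), "all three readings correlate")
    if actuator_ok:
        # Input power matches actuation, output does not: attribution per the text.
        return PserResult(False, loss, ("first sensor device 144", "electrical motor"),
                          "mechanical output outside efficiency threshold")
    if sensors_ok:
        return PserResult(False, loss, ("actuator device 146",),
                          "actuation state disagrees with both sensors")
    return PserResult(False, loss,
                      ("first sensor device 144", "second sensor device 144",
                       "actuator device 146"),
                      "no two readings correlate")


# Constructed sample traces: (time s, current A, breaker open)
TRACE_OK = [(0.0, 80.0, False), (0.10, 130.0, False), (0.15, 130.0, True)]
TRACE_LATE = [(0.0, 80.0, False), (0.10, 130.0, False), (0.40, 135.0, False), (0.60, 0.0, True)]
TRACE_STUCK = [(0.0, 130.0, False), (1.0, 140.0, False)]
```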
- determining the cyber state metrics 553 may comprise the security module 510 comparing the cyber state metadata 220 to one or more cyber state baselines 552 .
- a “cyber state baseline” (CSB) 552 refers to a particular type and/or classification of cyber behaviour, cyber state, and/or cyber state metadata 220 of the control system 101 (and/or respective regions thereof).
- a CSB 552 may comprise and/or correspond to one or more characteristics (cyber state baseline characteristics), which may correspond to respective cyber state characteristics of the control system 101 (e.g., correspond to cyber state metadata 220 and/or portions thereof, as disclosed herein).
- CSB 552 may be extracted, learned, and/or determined from cyber-physical state information, such as cyber-physical state information acquired during operation of the control system 101 , cyber-physical state information acquired during simulated operation of the control system 101 , training data (e.g., cyber and/or physical state information corresponding to specified cyber and/or physical state classifications), current cyber-physical state metadata 111 , previous cyber-physical state metadata, and/or the like.
- CSB 552 (and/or the characteristics thereof) may be determined by machine learning techniques (e.g., a classifier, as disclosed in further detail herein).
- CSB 552 pertaining to the control system 101 may be maintained within storage resources 204 of the RS agent 110 .
- one or more CSB 552 may be maintained by one or more other components 102 of the control system 101 .
- the RS agent 110 may comprise and/or be communicatively coupled to a plurality of CSB 552 , each comprising features configured to characterize a respective type, class, and/or classification of cyber behavior of the control system 101 (and/or respective regions thereof), including, but not limited to “healthy” CSB 552 , “unhealthy” CSB 552 , and/or the like.
- a “healthy” CSB 552 refers to a CSB 552 configured to characterize “healthy” cyber states, behaviors, and/or characteristics of the control system 101 (as indicated by the cyber state metadata 220 ).
- the RS agent 110 may comprise a plurality of healthy CSB 552 , each corresponding to cyber states, behavior, and/or cyber state metadata 220 under different respective conditions (e.g., in different operating modes, under different ambient conditions, different operating times, operation in response to different types of disturbances, and/or the like).
- an “unhealthy” CSB 552 refers to a CSB 552 configured to characterize “unhealthy” cyber states, behaviors, and/or characteristics of the control system 101 (as indicated by the cyber state metadata 220 ).
- the RS agent 110 may comprise a plurality of unhealthy CSB 552 , each corresponding to cyber states, behaviour, and/or cyber state metadata 220 under different respective cyber threat conditions, which may include, but are not limited to: particular types of cyber-attacks, attacks directed against particular cyber components 120 (e.g., cyber infrastructure, cyber security components 123 , cyber nodes 124 , and/or the like), compromise of particular cyber components 120 , attacks directed against the CS network 122 , external cyber-attacks from one or more external networks, injection of adversarial cyber communication into the CS network 122 , control manipulation attempts, DoS attacks, dropped packet attacks, flooding traffic attacks, data integrity attacks, replay attacks, MiTM attacks, targeted host attacks, targeted protocol attacks, manipulated traffic attacks, manipulated sensor data attacks (e.g., injection and/or replay of captured sensor data), manipulated control attacks (e.g., injection and/or replay of captured control outputs), and/or the like.
- the CSB 552 may further comprise and/or define means by which the features of respective CSB 552 may be compared to the cyber state metadata 220 .
- the cyber baseline characteristics of respective CSB 552 may define values, ranges, thresholds, and/or other criteria for evaluating specific cyber state characteristics of the control system 101 (e.g., specified cyber state metadata 220 , cyber state parameters 222 , cyber state signatures, portion(s) thereof, and/or the like).
- the CSB 552 define operations by which errors, differences, and/or distances between the cyber state metadata 220 and respective CSB 552 may be determined.
- the CSB 552 may be associated with confidence metrics, which may quantify a confidence in the CSB 552 accurately characterizing particular types of cyber states, behaviors, and/or cyber state metadata 220 .
- the confidence metrics of the CSB 552 may indicate a confidence that healthy CSB 552 accurately characterize healthy cyber behaviors (and are distinguishable from unhealthy CSB 552 ), and/or the like.
- Determining the cyber state metrics 553 for the control system 101 (and/or respective regions thereof) may comprise comparing cyber state metadata 220 pertaining to the control system 101 (and/or respective regions thereof) to one or more CSB 552 .
- the comparing may comprise comparing cyber baseline characteristics of respective CSB 550 to corresponding cyber state characteristics (e.g., cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , portion(s) thereof, and/or the like).
- the comparing may comprise determining CSB error metrics for respective CSB 552 , which may be configured to quantify an error, difference, and/or distance between the cyber state, behaviour, and/or cyber state metadata 220 of the control system 101 (and/or respective regions thereof) and respective CSB 552 .
- the cyber state metrics 553 determined by the security module 510 may comprise and/or correspond to the determined CSB error metrics.
- the security module 510 may configure the cyber state metrics 553 to quantify a degree to which the cyber state of the control system 101 (as indicated by the cyber state metadata 220 ) corresponds to healthy CSB 552 , unhealthy CSB 552 , and/or the like.
- the cyber state metrics 553 may indicate a cyber health of the control system 101 (and/or respective regions thereof), which may be inversely proportional to CSB error metrics of healthy CSB 552 and/or be proportional to CSB error metrics of unhealthy CSB 552 .
- the cyber state metrics 553 determined by the security module 510 may identify one or more proximate CSB 552 , which may comprise CSB 552 having a closest proximity to the cyber state of the control system 101 (e.g., smallest CSB error metrics) and/or CSB 552 having CSB error metrics that satisfy one or more proximity thresholds.
- the cyber state metrics 553 may indicate whether the proximate CSB 552 comprise healthy CSB 552 , unhealthy CSB 552 , and/or the like.
- the cyber state metrics 553 may further comprise confidence metrics, which may correspond to confidence metrics of the CSB 552 , as disclosed herein.
- determining the physical state metrics 550 may comprise the security module 510 comparing the physical state metadata 240 to one or more physical state baselines 554 .
- a “physical state baseline” (PSB) 554 refers to a particular type and/or classification of physical behaviour, physical state, and/or physical state metadata 240 of the control system 101 (and/or respective regions thereof).
- a PSB 554 may comprise and/or correspond to one or more characteristics (physical baseline characteristics), which may correspond to respective physical state characteristics of the control system 101 (e.g., correspond to physical state metadata 240 and/or portions thereof, as disclosed herein).
- respective PSB 554 may be extracted, learned, and/or determined, as disclosed above (e.g., from cyber-physical state information, cyber-physical state metadata 111 , previous cyber-physical state metadata 111 , machine learning techniques, and/or the like).
- the RS agent 110 may comprise and/or be communicatively coupled to a plurality of PSB 554 , each comprising features configured to characterize a respective type, class, and/or classification of physical behavior of the control system 101 (and/or respective regions thereof), including, but not limited to “healthy” PSB 554 , “unhealthy” PSB 554 , and/or the like.
- a “healthy” PSB 554 refers to a PSB 554 configured to characterize “healthy” physical states, behaviors, and/or characteristics of the control system 101 , physical state metadata 240 , and/or the like.
- the RS agent 110 may comprise a plurality of healthy PSB 554 , each corresponding to physical states, behavior, and/or physical state metadata 240 under different respective conditions (e.g., in different operating modes, under different ambient conditions, different operating times, operation in response to different types of disturbances, and/or the like).
- an “unhealthy” PSB 554 refers to a PSB 554 configured to characterize “unhealthy” physical states, behaviors, characteristics, physical failure modes, and/or the like.
- the RS agent 110 may comprise a plurality of unhealthy PSB 554 , each corresponding to physical states, behaviour, and/or physical state metadata 240 under different respective physical threat conditions, which may include, but are not limited to: particular types of physical and/or component attacks, attacks directed against particular computational components 130 , compromise of particular computational components 130 , attacks directed against particular physical components 140 , compromise of particular physical components 140 , attacks through the physical environment, physical failure modes, and/or the like.
- the PSB 554 may be associated with confidence metrics, and may comprise and/or define means by which the features of respective PSB 554 may be compared to the physical state metadata 240 , as disclosed herein.
- Determining the physical state metrics 555 for the control system 101 (and/or respective regions thereof) may comprise comparing physical state metadata 240 pertaining to the control system 101 (and/or respective regions thereof) to one or more PSB 554 .
- the comparing may comprise comparing physical baseline characteristics of respective PSB 554 to corresponding physical state characteristics (e.g., physical state metadata 240 , physical state parameters 242 , physical state signatures 248 , portion(s) thereof, and/or the like).
- the comparing may comprise determining PSB error metrics for respective PSB 554 , which may be configured to quantify an error, difference, and/or distance between the physical state, behaviour, and/or physical state metadata 240 of the control system 101 (and/or respective regions thereof) and respective PSB 554 .
- the physical state metrics 555 determined by the security module 510 may comprise and/or correspond to the determined PSB error metrics.
- the security module 510 may configure the physical state metrics 555 to quantify a degree to which the physical state of the control system 101 (as indicated by the physical state metadata 240 ) corresponds to healthy PSB 554 , unhealthy PSB 554 , and/or the like.
- the physical state metrics 555 may indicate a physical health of the control system 101 (and/or respective regions thereof), which may be inversely proportional to PSB error metrics of healthy PSB 554 and/or be proportional to PSB error metrics of unhealthy PSB 554 .
- the physical state metrics 555 determined by the security module 510 may identify one or more proximate PSB 554 , which may comprise PSB 554 having a closest proximity to the physical state of the control system 101 (e.g., smallest PSB error metrics) and/or PSB 554 having PSB error metrics that satisfy one or more proximity thresholds.
- the physical state metrics 555 may indicate whether the proximate PSB 554 comprise healthy PSB 554 , unhealthy PSB 554 , and/or the like.
- the physical state metrics 555 may further comprise confidence metrics, which may correspond to confidence metrics of the PSB 554 , as disclosed herein.
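The baseline comparison described above for both CSB 552 and PSB 554 can be sketched as follows. This is an added example, not code from the patent: the text does not fix a distance measure or a health formula, so the normalised RMS distance, the health ratio, the characteristic names and all baseline values here are assumptions constructed for illustration.

```python
# Added illustration: comparing observed state to healthy and unhealthy baselines.
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    name: str
    healthy: bool
    center: dict       # characteristic name -> expected value
    scale: dict        # characteristic name -> normalising spread (> 0)
    confidence: float  # confidence that the baseline characterises its class


def baseline_error(state, baseline):
    """Normalised RMS distance between observed state and one baseline (assumed metric)."""
    missing = set(baseline.center) - set(state)
    if missing:
        raise KeyError(f"state lacks characteristics: {sorted(missing)}")
    squares = [((state[k] - baseline.center[k]) / baseline.scale[k]) ** 2
               for k in baseline.center]
    return math.sqrt(sum(squares) / len(squares))


def state_metrics(state, baselines, proximity_threshold):
    """Return per-baseline errors, proximate baselines, a class and a health score."""
    if not any(b.healthy for b in baselines) or all(b.healthy for b in baselines):
        raise ValueError("need at least one healthy and one unhealthy baseline")
    errors = {b.name: baseline_error(state, b) for b in baselines}
    proximate = sorted((b for b in baselines if errors[b.name] <= proximity_threshold),
                       key=lambda b: errors[b.name])

    d_healthy = min(errors[b.name] for b in baselines if b.healthy)
    d_unhealthy = min(errors[b.name] for b in baselines if not b.healthy)
    total = d_healthy + d_unhealthy
    # Falls as healthy-baseline error grows, rises as unhealthy-baseline error
    # grows (assumed formula, range 0..1).
    health = 0.5 if total == 0 else d_unhealthy / total

    if not proximate:
        label = "unknown"  # matches no known behaviour: worth reporting on its own
    else:
        label = "healthy" if proximate[0].healthy else "unhealthy"
    return {
        "errors": errors,
        "proximate": [b.name for b in proximate],
        "class": label,
        "health": health,
        "confidence": proximate[0].confidence if proximate else 0.0,
    }


# Constructed baselines over two cyber state characteristics.
BASELINES = [
    Baseline("healthy-normal-operation", True,
             {"messages_per_sender": 20.0, "drop_rate": 0.01},
             {"messages_per_sender": 5.0, "drop_rate": 0.01}, 0.9),
    Baseline("unhealthy-flooding", False,
             {"messages_per_sender": 400.0, "drop_rate": 0.20},
             {"messages_per_sender": 50.0, "drop_rate": 0.05}, 0.8),
]

if __name__ == "__main__":
    for observed in ({"messages_per_sender": 22.0, "drop_rate": 0.012},
                     {"messages_per_sender": 380.0, "drop_rate": 0.18},
                     {"messages_per_sender": 150.0, "drop_rate": 0.05}):
        print(state_metrics(observed, BASELINES, proximity_threshold=2.0))
```

The third observation is near neither baseline, so it is classed as unknown rather than forced onto the nearest one.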
- the security engine 510 may be configured to determine cyber health metadata 182 for the control system 101 , which may comprise determining cyber health metrics 282 configured to quantify a cyber health of the control system 101 (and/or respective regions thereof).
- the cyber health metrics 282 may be based on, inter alia, the error and/or confidence metrics 175 / 575 determined by the security module 510 , as disclosed herein.
- the security engine 510 may be further configured to incorporate the cyber state metrics 553 into the cyber health metrics 282 .
- the cyber health metrics 282 may be based on, inter alia, evaluation of one or more CSER, as disclosed herein.
- determining the cyber health metrics 282 may comprise comparing the cyber state of the control system 101 (as indicated by the cyber state metadata 220 ) to one or more CSB 552 .
- the cyber health metrics 282 may, therefore, indicate a degree to which the control system 101 (and/or respective regions thereof) corresponds to healthy CSB 552 and/or differs from unhealthy CSB 552 .
- the cyber health metrics 282 may be further configured to identify one or more proximate CSB 552 and/or indicate whether the proximate CSB 552 comprise healthy and/or unhealthy CSB 552 .
- the security engine 510 may be further configured to determine physical health metadata 184 for the control system 101 , which may comprise determining physical health metrics 284 configured to quantify a physical health of the control system 101 (and/or respective regions thereof).
- the physical health metrics 284 may be based on, inter alia, the error and/or confidence metrics 175 / 575 determined by the security module 510 , as disclosed herein.
- the security engine 510 may be further configured to incorporate the physical state metrics 555 into the physical health metrics 284 .
- the physical health metrics 284 may be based on, inter alia, evaluation of one or more PSER, as disclosed herein.
- the physical health metrics 284 may correspond to comparisons between the physical state of the control system 101 (as indicated by the physical state metadata 240 ) to one or more PSB 554 .
- the physical health metrics 284 may indicate a degree to which the control system 101 (and/or respective regions thereof) corresponds to healthy PSB 554 and/or differs from unhealthy PSB 554 .
- the physical health metrics 284 may be further configured to identify one or more proximate PSB 554 and/or indicate whether the proximate PSB 554 comprise healthy and/or unhealthy PSB 554 .
- the security module 510 may be further configured to implement mitigation operations in accordance with the error metrics 175 and/or cyber-physical health metadata 180 , as disclosed herein.
- the mitigation operations may comprise causing the automation controller 134 to modify one or more of the CPCE 105 A-N based on error metrics 175 and/or cyber-physical health metadata 180 pertaining thereto.
- the modifying may comprise slowing one or more of the CPCE 105 A-N (reducing a control frequency of one or more of the controllers 132 A-N), halting control functions of one or more of the CPCE 105 A-N, modifying control functions of one or more of the CPCE 105 A-N (e.g., configuring one or more of the controllers 132 to operate in a “safe mode”), isolating one or more of the CPCE 105 A-N from the control system 101 , and/or the like.
- the security module 510 may implement mitigation operations in accordance with a security policy 211 , as disclosed herein.
- the security engine 510 may be further configured to implement mitigation operations in accordance with the cyber and/or physical state metrics 553 / 555 and/or the corresponding cyber and/or physical health metrics 282 / 284 .
- the security engine 510 may be configured to implement mitigation operations in response to cyber and/or physical state metrics 553 / 555 indicating failure of one or more CSER and/or PSER and/or proximity to one or more unhealthy CSB and/or PSB 552 / 554 , as disclosed herein.
- the cyber state metrics 553 may identify CSER failures and/or indicate proximity to an unhealthy CSB 552 .
- a CSER failure and/or unhealthy CSB 552 may correspond to a particular type of cyber-attack, cyber-attack directed to particular cyber components 120 , compromise of particular cyber components 120 (e.g., one or more cyber nodes 124 ), and/or the like.
- the security engine 510 may implement mitigation operations in accordance with the identified CSER failure(s) and/or unhealthy CSB 552 , which may comprise operations to: generate notifications corresponding to the failed CSER, generate notifications indicating the unhealthy CSB 552 , mitigate cyber-attacks and/or cyber-attack vectors associated with the failed CSER and/or unhealthy CSB 552 , which may comprise implementing operations to: mitigate cyber-attacks directed against identified cyber components 120 (e.g., deactivating identified cyber components 120 ), mitigate compromise of identified cyber components 120 (e.g., filter adversarial messages injected by the identified cyber components 120 ), shut down identified cyber-attack vectors (e.g., shut down one or more gateways and/or external channels), and/or the like.
- the security engine 510 may be further configured to implement mitigation operations in response to failure of one or more PSER and/or proximity to an unhealthy PSB 554 .
- a PSER failure and/or unhealthy PSB 555 may correspond to a particular type of physical and/or component attack, physical failure mode, and/or the like.
- Implementing mitigation operations corresponding to a PSER failure and/or proximity to an unhealthy PSB 555 may comprise implementing operations to: generate notifications indicating the failed PSER, generate notifications indicating the unhealthy PSB 554 , mitigate attack(s) and/or failure modes associated with the failed PSER and/or unhealthy PSB 554 , and/or the like.
- the mitigation operations may comprise operations to mitigate attacks directed against identified computational components 130 (e.g., reset specified computational components 130 , modify control functions implemented thereby, and/or the like), mitigate attacks directed against identified physical components 140 (e.g., ignore sensor data acquired by identified sensor devices 144 and/or deactivate identified actuator devices 146 ), deactivate physical components 140 and/or PPV 155 operating in identified failure modes, and/or the like.
- FIG. 6 is a flow diagram of one embodiment of a method 600 for securing a cyber-physical system 100 , as disclosed herein.
- Step 610 may comprise generating state keys 160 , each state key 160 comprising CPKD 162 comprising and/or corresponding to the cyber-physical state of the control system 101 .
- Step 610 may comprise generating state keys 160 having respective CPKD 162, the CPKD 162 of each state key 160 comprising a respective cyber seed (e.g., cyber state metadata 220, one or more cyber state parameters 222, one or more cyber state signatures 228, portion(s) thereof, and/or the like) and a respective physical seed (e.g., physical state metadata 240, one or more physical state parameters 242, one or more physical state signatures 248, portion(s) thereof, and/or the like).
- Step 620 may comprise communicating the state keys 160 through a cyber-physical system 100 , as disclosed herein.
- Step 620 may comprise communicating the state keys 160 through respective cyber-physical components 102 of the cyber-physical system 100 .
- Step 620 may comprise communicating the state keys 160 through respective CPCE 105 (and/or respective CPC paths 108 ), as disclosed herein.
- Step 620 may comprise communicating each state key 160 through one or more cyber paths 126 and one or more physical process couplings 148 .
- Step 620 may comprise sending state keys 160 to selected correlators 166 (e.g., selected actuator devices 146 ), transmitting corresponding validation data 171 to selected receivers 168 (e.g., selected sensor devices 144 ), and returning the validation data 171 from the selected receivers 168 .
- Step 620 may comprise selecting CPCE 105 and/or CPC paths 108 for respective state keys 160 in accordance with determined selection criteria.
- the selection criteria may comprise a weighted selection criterion, as disclosed herein.
- Step 620 may further comprise acquiring the validation data 171 corresponding to communication of respective state keys 160 , as disclosed herein.
- Step 630 may comprise generating validation keys 170 corresponding to respective state keys 160 .
- Step 630 may comprise generating validation keys 170 from and/or by use of the acquired validation data 171 .
- Step 630 may comprise producing cyber-physical reconstructions of respective state keys 160 , as disclosed herein.
- Step 640 may comprise calculating error metrics 175 for respective state keys 160 .
- Step 640 may comprise comparing respective state keys 160 to corresponding validation keys 170 (e.g., validation keys 170 constructed from validation data 171 acquired in response to communication of the respective state keys 160 ).
- the error metrics 175 may be calculated in accordance with any suitable technique including, but not limited to: an RMS error, an edit distance, and/or the like.
- Step 650 may comprise determining cyber-physical health metadata 180 for the control system based on, inter alia, the error metrics 175 determined at step 640 , as disclosed herein.
- Step 650 may comprise determining cyber health metadata 182 , physical health metadata 184 , and/or the like, as disclosed herein.
- Step 650 may comprise determining cyber health and/or confidence metrics pertaining to respective cyber regions of the control system 101 and/or corresponding cyber state metadata 220 (e.g., respective cyber components 120 , cyber nodes 124 , cyber paths 126 , and/or the like).
- Step 650 may comprise determining physical health and/or confidence metrics pertaining to respective physical control regions of the control system 101 and/or corresponding physical state metadata 240 (e.g., respective cyber components 120 , cyber nodes 124 , cyber paths 126 , and/or the like). Step 650 may further comprise implementing one or more mitigation operations based on the determined error metrics 175 and/or cyber-physical health metadata 180 , as disclosed herein. In some embodiments, step 650 may comprise determining cyber and/or physical health metrics 282 / 284 , as disclosed herein. Determining the cyber health metrics 282 may comprise determining and/or evaluating one or more cyber health parameters 181 , such as error parameters 181 A, confidence parameters 181 B, state parameters 181 N, and/or the like.
- Determining the physical health metrics 284 may comprise determining and/or evaluating one or more physical health parameters 183 , such as error parameters 183 A, confidence parameters 183 B, state parameters 183 N, and/or the like. Determining state parameters 181 N of the cyber state metadata 182 (and/or cyber health metrics 282 ) may comprise comparing the cyber state of the control system 101 (e.g., cyber state metadata 220 ) to one or more CSB 552 (e.g., healthy CSB 552 , unhealthy CSB 552 , cyber baseline characteristics, cyber state projections, cyber state estimates, and/or the like), as disclosed herein.
- Determining state parameters 183 N of the physical state metadata 184 may comprise comparing the physical state of the control system 101 (e.g., physical state metadata 240 ) to one or more PSB 554 (e.g., healthy PSB 554 , unhealthy PSB 554 , physical baseline characteristics, physical state projections, physical state estimates, and/or the like), as disclosed herein.
- Step 650 may further comprise implementing one or more mitigation operations in accordance with the determined error metrics 175 , cyber-physical health metadata 180 , cyber health metadata 182 , cyber health metrics 282 , physical health metadata 184 , physical health metrics 284 , and/or the like, as disclosed herein.
- FIG. 7A is a flow diagram of another embodiment of a method 700 for securing a cyber-physical control system 101 , as disclosed herein.
- Step 710 may comprise generating a state key 160 comprising CPKD 162 pertaining to a cyber-physical state of the control system 101 , as disclosed herein.
- the CPKD 162 may comprise one or more of a cyber state parameter 222 , a cyber state signature 228 , a physical state parameter 242 , physical state signature 248 , and/or the like.
- Step 710 may comprise generating corresponding CPKD 162 in accordance with a cyber-physical topology 115 and/or signature schema 116 , as disclosed herein (e.g., cyber key data and physical key data configured to cover corresponding regions of the control system 101 ).
- Step 720 may comprise parsing the state key 160 into a plurality of fragments 161 A-N, each fragment 161 A-N comprising a respective CPKD fragment 163 A-N.
- the CPKD fragments 163 A-N may comprise: a cyber state parameter 222 and/or cyber state signature 228 (or portion thereof), and a physical state parameter 242 and/or physical state signature 248 (or portion thereof).
- Step 720 may comprise generating corresponding CPKD fragments 163 A-N in accordance with one or more of the cyber-physical topology 115 , signature schema 116 , and/or key schema, as disclosed herein.
- Step 730 may comprise communicating the fragments 161 A-N of the state key 160 through selected CPCE 105 , which CPCE 105 may be selected in accordance with any suitable selection mechanism and/or criteria, as disclosed herein. Alternatively, or in addition, the CPCE 105 may be selected in accordance with CPKD 162 and/or CPKD fragments 163 covered thereby. Step 730 may comprise communicating each fragment 161 A-N of the state key 160 through the selected CPCE 105 via a respective CPC path 108 , each CPC path 108 comprising a first cyber path 126 , a physical control coupling 148 , and a second cyber path 126 .
- Communicating a state key fragment 161 A-N through a CPC path 108 may comprise sending the fragment 161 A-N to a selected correlator 166 (e.g., a selected actuator device 146 ), transmitting validation data 171 A-N corresponding to the fragment 161 A-N by, across, and/or through a PPV 155 of the CPCE 105 (e.g., a physical process 150 , physical process attribute 152 ), and returning the validation data 171 A-N from the receiver 168 , as disclosed herein.
- Step 740 may comprise acquiring validation data 171 A-N corresponding to communication of the respective fragments 161 A-N of the state key 160 , as disclosed herein. Step 740 may further comprise determining validation CPKD fragments 173 A-N and/or generating a cyber-physical reconstruction of the state key 160 (a validation key 170 ) by use of the determined validation CPKD fragments 173 A-N.
- Step 750 may comprise determining error metrics 175 for the state key 160 .
- Step 750 may comprise determining a key error 176 by, inter alia, comparing the state key 160 to the validation key 170 (and/or comparing respective CPKD 162 to corresponding validation CPKD 172 ).
- Step 750 may further comprise determining respective fragment errors 177 A-N by, inter alia, comparing respective state key fragments 161 A-N to corresponding validation data 171 A-N (and/or comparing respective CPKD fragments 163 A-N to corresponding validation CPKD fragments 173 A-N).
- Step 760 may comprise determining cyber-physical health metadata 180 for the control system based on, inter alia, the error metrics 175 determined at step 750 , as disclosed herein.
- Step 760 may comprise determining cyber health metrics 282 , physical health metrics 284 , and/or the like.
- Step 760 may further comprise evaluating one or more CSER and/or comparing a cyber state of the control system 101 (and/or respective regions thereof) to one or more CSB 552 , as disclosed herein.
- Step 760 may further comprise evaluating one or more PSER and/or comparing a physical state of the control system 101 (and/or respective regions thereof) to one or more PSB 554 , as disclosed herein.
- Step 760 may further comprise implementing one or more mitigation operations based on the determined error metrics 175 , cyber-physical health metadata 180 , cyber health metrics 282 , and/or physical health metrics 284 , as disclosed herein.
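The flow of method 700 (steps 710 to 750) can be traced end to end in a small simulation. The following is an added example, not code from the patent: the numeric key encoding, the noise/bias model of a CPC path, the 0.05 threshold and all function names are assumptions, and RMS error is used as the error metric.

```python
import hashlib
import math
import random


def generate_state_key(cyber_state, physical_state, length=12):
    """Step 710: build key data from a cyber seed and a physical seed.

    Assumed encoding: half of the key comes from a hash of the cyber state
    (a stand-in cyber state signature), half from physical state parameters.
    """
    half = length // 2
    cyber_sig = hashlib.sha256(cyber_state).digest()
    cyber_part = [b / 255.0 for b in cyber_sig[:half]]
    phys_part = [physical_state[i % len(physical_state)] for i in range(length - half)]
    return cyber_part + phys_part


def split_fragments(key, count):
    """Step 720: parse the state key into at most `count` contiguous fragments."""
    size = math.ceil(len(key) / count)
    return [key[i:i + size] for i in range(0, len(key), size)]


def make_cpc_path(noise, bias=0.0, seed=0):
    """Model of one CPC path (cyber path -> physical coupling -> cyber path).

    A healthy path only adds small measurement noise; a degraded or tampered
    path is modelled (assumption) as a constant bias on the returned values.
    """
    rng = random.Random(seed)

    def communicate(fragment):
        # Steps 730/740: send the fragment, return the validation data.
        return [value + bias + rng.gauss(0.0, noise) for value in fragment]

    return communicate


def rms_error(sent, received):
    """RMS error between what was sent and what came back."""
    return math.sqrt(sum((s - r) ** 2 for s, r in zip(sent, received)) / len(sent))


def validate_state_key(key, paths, fragment_threshold=0.05):
    """Steps 720-750: fragment, communicate, reconstruct, and score the key."""
    fragments = split_fragments(key, len(paths))
    validation = [path(frag) for path, frag in zip(paths, fragments)]
    validation_key = [v for frag in validation for v in frag]  # reconstruction
    fragment_errors = [rms_error(f, v) for f, v in zip(fragments, validation)]
    return {
        "key_error": rms_error(key, validation_key),
        "fragment_errors": fragment_errors,
        # Fragment errors localise the problem to the path that carried them.
        "suspect_fragments": [i for i, e in enumerate(fragment_errors)
                              if e > fragment_threshold],
    }


# Constructed sample state, not taken from the patent.
SAMPLE_KEY = generate_state_key(b"plc1:fw=1.4;route=sw1", [0.42, 0.77, 0.13])


def run_demo(biased_path=None):
    """Send SAMPLE_KEY over three paths; optionally bias one of them."""
    paths = [
        make_cpc_path(noise=0.005, bias=0.3 if i == biased_path else 0.0, seed=i)
        for i in range(3)
    ]
    return validate_state_key(SAMPLE_KEY, paths)


if __name__ == "__main__":
    print("nominal :", run_demo())
    print("path 1 biased:", run_demo(biased_path=1))
```

The key error alone only says that something along the key's route is off; the per-fragment errors are what point at the specific path.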
- FIG. 7B is a flow diagram of one embodiment of a method 701 for securing a cyber-physical system by communicating state keys 160 through selected regions of a cyber-physical system 100 , as disclosed herein.
- Step 711 may comprise selecting regions to be covered by respective state keys 160 .
- Step 711 may comprise selecting the regions based on one or more of a random selection, pseudorandom selection, a round-robin selection, an adaptive selection (to ensure adequate coverage of the control system 101), a weighted selection (to increase monitoring of vulnerable and/or sensitive portions of the control system 101), a deterministic selection (e.g., selection based on an isolation scheme, as disclosed herein), and/or the like.
- step 711 may comprise a selection scheme configured to distribute coverage of regions of the control system 101 108 (e.g., may comprise a round-robin selection scheme).
- the selection scheme of step 711 may be configured to evenly distribute coverage of respective CPCE 105 and/or CPCE paths 108 of the control system 101 .
- the selecting of step 711 may be configured to bias coverage of designated regions of the control system 101 (e.g., increase coverage of regions assigned higher priorities over regions assigned lower priorities).
- the selecting of step 711 may be configured to bias selection based on characteristics of the regions (e.g., increase coverage of regions exhibiting higher error metrics 175 ).
- Step 711 may comprise implementing a weighted selection scheme (e.g., a weighted random, pseudo random, and/or round-robin selection scheme).
- Step 711 may comprise weighting respective regions of the control system 101 , as disclosed herein. The weighting may be based on one or more of: a priority assigned to the respective regions, error metrics 175 associated with the respective regions, an age of the error metrics 175 , confidence metrics of cyber-physical state metadata 111 corresponding to the respective regions, an age of the confidence metrics, cyber-physical health metadata 180 pertaining to the respective regions, and/or the like.
- Step 721 may comprise generating the respective state keys 160 .
- Step 721 may comprise generating the respective state keys 160 in accordance with the regions selected at step 711 .
- Step 721 may comprise generating CPKD 162 for the respective state keys 160 , such that the CPKD 162 of each state key 160 is configured to cover the selected region of the state key 160 .
- step 721 may comprise generating CPKD 162 for the respective state keys 160 independently of the selection of step 711, such that the CPKD 162 of the respective state keys 160 is independent of the region of the control system 101 through which the respective state keys 160 (and/or fragments 161 thereof) are communicated.
- Step 721 may comprise selecting regions of the control system 101 to be covered by the CPKD 162 of the respective state keys 160 using any suitable selection criteria, as disclosed herein.
- Step 731 may comprise communicating the state keys 160 through the regions of the control system 101 selected for the state keys 160 at step 711 .
- Communicating a state key 160 may comprise splitting the state key 160 into a plurality of fragments 161 A-N, and communicating each fragment 161 A-N through the selected region of the state key 160 .
- step 731 may comprise communicating each fragment 161 A-N through the selected region via a respective CPE path 108 .
- Step 731 may comprise selecting CPE paths 108 in accordance with a selection mechanism, as disclosed herein.
- Step 731 may comprise selecting CPE paths 108 for the fragments 161 A-N to ensure coverage of the selected region (e.g., to cover different CPE paths 108 through the selected region, cover different cyber-physical components 102 of the region, cover different cyber paths 126 , cover different physical control couplings 148 , and/or the like).
- Step 741 may comprise acquiring validation data 171 corresponding to communication of the respective state keys 160 through the selected regions of the control system 101 , and step 751 may comprise determining corresponding error metrics 175 , as disclosed herein.
- Step 761 may comprise determining cyber-physical health metadata 180 for the control system 101 (and/or the selected regions thereof) based on, inter alia, the determined error metrics 175 , as disclosed herein.
- Step 761 may further comprise determining cyber-physical health metadata 180 comprising: cyber health metadata 182 , cyber health parameters 181 , cyber health metrics 282 , physical health metadata 184 , physical health parameters 183 , and/or physical health metrics 284 , as disclosed herein.
- Step 761 may comprise implementing mitigation operations in accordance with the determined error metrics 175 and/or cyber-physical health metadata 180 , as disclosed herein.
- FIG. 8 is a flow diagram of another embodiment of a method 800 for securing a cyber-physical system 100 , as disclosed herein.
- Step 810 may comprise detecting an anomalous error metric 175 .
- Step 810 may comprise detecting an error metric 175 that exceeds one or more error thresholds (e.g., a key error 176 and/or fragment errors 177 A-N exceeding respective error thresholds).
- Step 810 may correspond to communication of a state key 160 , and the detection of the anomaly may correspond to calculation of error metrics 175 of the state key 160 by, inter alia, comparing the state key 160 (and/or CPKD 162 thereof) to a cyber-physical reconstruction of the state key 160 (a corresponding validation key 170 and/or validation CPKD 172 , as disclosed herein).
- Step 810 may further comprise updating cyber-physical health metadata 180 to, inter alia, associate the anomalous error metric with the CPCE 105 and/or CPC path 108 through which the state key 160 (and/or fragments 161 thereof) was communicated.
- Step 820 may comprise adapting communication of one or more subsequent state keys 160 to, inter alia, isolate a source of the detected anomaly.
- Step 820 may comprise configuring communication of the subsequent state key(s) 160 in accordance with a cyber-physical isolation scheme, as disclosed herein.
- Step 820 may comprise configuring the subsequent state keys 160 for communication through an overlap region, the overlap region corresponding to a region covered by the state key 160 associated with the anomalous error metric 175 .
- Step 820 may comprise configuring the subsequent state keys 160 for communication through isolation CPC paths 108 through the overlap region that vary with respect to inclusion and/or exclusion of designated cyber-physical components 102 , as disclosed herein.
- Step 830 may comprise attributing the anomaly based on, inter alia, error metrics 175 of the subsequent state keys 160 , as disclosed herein.
- Step 830 may comprise determining that the error metric 175 of a subsequent state key 160 is nominal and, in response, preventing the detected anomaly from being attributed to cyber-physical components 102 included in communication of the subsequent state key 160 .
- step 830 may comprise determining that the error metric 175 of a subsequent state key 160 is high and/or anomalous and, in response, attributing the detected anomaly to designated cyber-physical components 102 included in communication of the subsequent state key 160 .
- Step 830 may comprise iteratively adapting communication of subsequent state keys 160 until a termination criterion is satisfied (e.g., a source of the detected anomaly is determined, no further refinement is possible, and/or the like, as disclosed herein). Step 830 may further comprise updating the cyber-physical health metadata 180 to, inter alia, associate the detected anomaly with the determined source(s) thereof and/or implementing one or more mitigation operations in response to detection and/or attribution of the anomaly, as disclosed herein.
- FIG. 9 is a flow diagram of another embodiment of a method 900 for securing a cyber-physical system 100 , as disclosed herein.
- Step 910 may comprise detecting a state key 160 having a high error metric 175 , as disclosed herein (e.g., a state key 160 having an error metric 175 that exceeds one or more error thresholds).
- Step 910 may further comprise implementing one or more mitigation operations in response to detection of the anomaly, as disclosed herein.
- Step 920 may comprise identifying potential sources of the high error metric, as disclosed herein.
- Step 920 may comprise identifying an error region, the error region comprising the region of the control system 101 covered by the state key 160 .
- the identifying may comprise identifying CPCE 105 through which the state key 160 was communicated, CPC paths 108 through which fragments 161 A-N of the state key 160 were communicated, and/or the like.
- Step 920 may further comprise identifying an error group comprising potential sources of the anomaly.
- the error group may initially comprise cyber-physical components 102 within the determined error region (e.g., cyber-physical components 102 through which the state key 160 and/or fragments 161 thereof were communicated).
- Step 920 may further comprise assigning an initial anomaly weight to each of the identified cyber-physical components 102 , as disclosed herein.
- Step 930 may comprise adapting communication of a subsequent state key 160 to include one or more of the potential source(s) and exclude one or more of the potential source(s), as disclosed herein.
- Step 930 may comprise configuring the subsequent state key 160 to overlap with the error region (e.g., configure the subsequent state key 160 for communication through a group of CPCE 105 that include one or more of the identified CPCE 105 and/or exclude one or more of the identified CPCE 105 ).
- Step 930 may comprise configuring the subsequent state key 160 such that fragments 161 A-N thereof are communicated through respective isolation CPC paths 108 that vary from the identified CPC paths 108 by, inter alia, excluding one or more of the identified potential sources (e.g., including/excluding one or more of the identified cyber-physical components 102 , as disclosed herein).
- Step 940 may comprise determining whether the error metric 175 of the subsequent state key 160 was reduced relative to the high error metric 175 (e.g., whether the error metric 175 is indicative of nominal operation). If the error metric 175 has been reduced, the flow may continue at step 950 ; otherwise, the flow may continue at step 960 .
- Step 950 may comprise removing the potential source(s) included in communication of the subsequent state key 160 as potential sources of the high error metric 175 (e.g., removing corresponding cyber-physical components 102 from the error group and/or error region). Step 950 may further comprise retaining potential source(s) excluded from the subsequent state key 160 as potential sources of the high error metric 175 (e.g., retaining the corresponding cyber-physical components 102 in the error group and/or error region). Alternatively, or in addition, step 950 may comprise decreasing an anomaly weight of respective cyber-physical components 102 covered by the subsequent state key 160 , as disclosed herein.
- Step 960 may comprise retaining the included potential sources, as disclosed herein (e.g., retaining the corresponding cyber-physical component 102 in the error group and/or error region). Alternatively, or in addition, step 960 may comprise increasing an anomaly weight of respective cyber-physical components 102 covered by the subsequent state key 160 , as disclosed herein.
- Step 970 may comprise determining whether to continue refining the potential sources of the high error metric 175 .
- Step 970 may comprise determining: whether the source of the high error metric has been identified (e.g., whether the potential sources have been refined to a threshold number of cyber-physical components 102 , a sufficiently narrow region of the control system 101 , and/or the like), whether further refinement of the potential sources is possible (e.g., based on the cyber-physical topology 115 of the control system 101 ), and/or whether another termination criterion has been satisfied (e.g., whether a threshold number of iterations have been completed).
- Step 970 may further comprise updating cyber-physical health metadata 180 to indicate potential sources of the anomaly and/or indicate an anomaly weight assigned to respective cyber-physical components 102 , as disclosed herein.
- Step 970 may comprise implementing one or more mitigation operations in response to determination of the source of the anomaly (and/or refinement of the potential sources thereof), as disclosed herein. If the determination at step 970 is to continue, the flow may continue at step 930 , where another subsequent state key 160 may be adapted to include and/or exclude remaining potential sources of the high error metric 175 , as disclosed herein.
- FIG. 10 is a flow diagram of another embodiment of a method 1000 for securing a cyber-physical system 100 , as disclosed herein.
- Step 1010 may comprise detecting a state key anomaly (e.g., a state key 160 having an anomalous error metric 175 , as disclosed herein).
- Step 1010 may further comprise implementing one or more mitigation operations in response to detection of the anomaly, as disclosed herein.
- Step 1020 may comprise determining an error region, which may comprise and/or correspond to a region covered by the state key 160 having the anomalous error metric 175 .
- Step 1020 may further comprise assigning an initial anomaly weight to each cyber-physical component 102 within the determined error region, as disclosed herein.
- Step 1030 may comprise configuring an overlapping state key 160 , which may comprise configuring the state key 160 to cover a region that overlaps with the error region, as disclosed herein.
- Step 1030 may comprise communicating the overlapping state key 160 through a region of the control system 101 that corresponds to and/or overlaps the error region.
- the error region may comprise and/or correspond to one or more CPCE 105
- step 1030 may comprise communicating the overlapping state key 160 through at least one of the one or more CPCE 105 .
- Step 1030 may further comprise communicating fragments 161 of the overlapping state key 160 through one or more isolation CPC paths 108 , as disclosed herein.
- Step 1040 may comprise determining whether an error metric 175 of the overlapping state key 160 is nominal (e.g., is lower than the anomalous error metric 175 ). If the error metric 175 is nominal, the flow may continue at step 1050 ; otherwise, the flow may continue at step 1060 .
- Step 1050 may comprise decreasing anomaly weights of respective cyber-physical components 102 covered by the overlapping state key 160 and/or CPC paths 108 through which fragments 161 of the overlapping state key 160 were communicated, as disclosed herein.
- Step 1060 may comprise increasing anomaly weights of respective cyber-physical components 102 covered by the overlapping state key 160 and/or CPC paths 108 through which fragments 161 of the overlapping state key 160 were communicated, as disclosed herein.
- Step 1070 may comprise determining whether to continue iteratively refining the anomaly weights assigned to the respective cyber-physical components 102 of the error region, as disclosed herein. Step 1070 may comprise determining whether the anomaly weights have converged, the distribution of the anomaly weights sufficiently distinguishes the cause of the anomaly, no further refinement is possible, and/or other termination criteria.
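The isolation loops of methods 900 and 1000 can be combined into one routine that keeps both an error group (FIG. 9) and per-component anomaly weights (FIG. 10). The following is an added example, not code from the patent: the component names, the two path topologies, the simulated error values and the weight factors 0.25 and 2.0 are all assumptions, and components outside the error region are assumed healthy.

```python
NOMINAL_DECAY = 0.25    # assumed factor for "decreasing" a weight (step 1050)
ANOMALY_GROWTH = 2.0    # assumed factor for "increasing" a weight (step 1060)


def make_probe(faulty, nominal=0.01, degraded=0.40):
    """Simulated error metric of a subsequent state key sent over `path`."""
    faulty = frozenset(faulty)

    def probe(path):
        return degraded if faulty & path else nominal

    return probe


def isolate(error_region, isolation_paths, probe, nominal_threshold=0.05, max_iters=10):
    """Refine the potential sources of an anomalous state key.

    error_region:    components covered by the anomalous key (steps 920/1020)
    isolation_paths: component sets of the CPC paths the topology allows
    Returns (error_group, anomaly_weights, log).
    """
    group = set(error_region)
    weights = {component: 1.0 for component in error_region}
    unused = [frozenset(p) for p in isolation_paths]
    log = []
    for _ in range(max_iters):                      # step 970/1070: iteration cap
        if len(group) <= 1:
            break                                   # source identified
        # Only a path that includes some suspects and excludes others can refine.
        useful = [p for p in unused if 0 < len(p & group) < len(group)]
        if not useful:
            break                                   # no further refinement possible
        # Prefer the path that splits the error group most evenly.
        path = min(useful, key=lambda p: (abs(len(p & group) - len(group) / 2), sorted(p)))
        unused.remove(path)
        included = path & group                     # steps 930/1030
        error = probe(path)
        nominal = error <= nominal_threshold        # steps 940/1040
        if nominal:                                 # steps 950/1050: clear included
            group -= included
            for component in included:
                weights[component] *= NOMINAL_DECAY
        else:                                       # steps 960/1060: retain included
            for component in included:
                weights[component] *= ANOMALY_GROWTH
        log.append((sorted(included), error, nominal))
    return group, weights, log


# Constructed topology: the anomalous key travelled plc1 -> sw1 -> act1 -> sen1.
ERROR_REGION = {"plc1", "sw1", "act1", "sen1"}

# Every suspect can be exercised alone alongside known-good components.
PATHS_SEPARABLE = [
    {"plc1", "sw2", "act2", "sen2"},
    {"plc2", "sw1", "act2", "sen2"},
    {"plc2", "sw2", "act1", "sen2"},
    {"plc2", "sw2", "act2", "sen1"},
]

# act1 and sen1 share one physical coupling, so they always appear together.
PATHS_COUPLED = [
    {"plc1", "sw2", "act2", "sen2"},
    {"plc2", "sw1", "act2", "sen2"},
    {"plc2", "sw2", "act1", "sen1"},
]

if __name__ == "__main__":
    for name, paths, fault in (("separable", PATHS_SEPARABLE, {"sw1"}),
                               ("coupled", PATHS_COUPLED, {"act1"})):
        group, weights, log = isolate(ERROR_REGION, paths, make_probe(fault))
        print(name, sorted(group), weights)
        for entry in log:
            print("   ", entry)
```

In the coupled topology the loop stops with two suspects of equal weight: that is the "no further refinement is possible" termination, and it is a property of the available paths rather than of the algorithm.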
- FIG. 11 is a flow diagram of one embodiment of a method 1100 for characterizing a cyber-physical health of a selected region of a cyber-physical system, as disclosed herein.
- Step 1100 may comprise selecting a region of the control system 101 to characterize.
- Step 1110 may comprise detecting a state key 160 having a high and/or anomalous error metric 175 , as disclosed herein.
- Step 1100 may comprise selecting the region based on a selection criterion, such as a weighted selection criterion, as disclosed herein.
- the selected region may comprise and/or correspond to one or more CPCE 105 of the control system 101 .
- step 1110 may further comprise assigning initial error weights to respective cyber-physical components 102 , cyber regions, and/or physical control regions, of the selected region, as disclosed herein.
- Step 1120 may comprise communicating overlapping state keys 160 through the selected region (e.g., state keys 160 that overlap with respect to the selected region, as disclosed herein).
- Step 1120 may comprise communicating the overlapping state keys 160 in accordance with a cyber-physical isolation scheme, as disclosed herein.
- Communicating the overlapping state keys 160 may comprise communicating respective fragments 161 of the overlapping state keys 160 through respective isolation CPC paths 108 , which may be configured to differ with respect to inclusion and/or exclusion of respective portions of the selected region (e.g., differ with respect to inclusion and/or exclusion of one or more cyber-physical components 102 ).
- Step 1130 may comprise determining whether error metrics 175 of respective overlapping state keys 160 differ by more than a threshold.
- If so, the flow may continue at step 1140; otherwise, the flow may continue at step 1150.
- Step 1140 may comprise associating the error differential ΔE with isolated portions of the high-error state keys 160.
- the high-error state keys 160 may comprise state keys 160 of the overlapping state keys 160 having error metrics 175 that exceed the error metrics 175 of other, low-error state keys 160 of the overlapping state keys 160 .
- the isolated portion of a high-error state key 160 may comprise a portion, section, and/or sub-region of the selected region that is covered by the high-error state key 160 and is not covered by the low-error state keys 160 .
- the isolated portion may comprise cyber-physical components 102 that: a) were included in the isolation CPC paths 108 through which fragments 161 of the high-error state keys 160 were communicated, and b) were excluded from the isolation CPC paths 108 through which fragments 161 of the low-error state keys 160 were communicated.
- Step 1140 may comprise attributing the error differential ( ⁇ E), and/or a portion thereof, to the isolated portions of the high-error state keys 160 .
- step 1140 may comprise increasing error weights of respective cyber-physical components 102 , cyber regions, and/or physical control regions, of the isolated portions of the high-error state keys 160 , as disclosed herein. In some embodiments, step 1140 may further comprise disassociating isolated portions of the low-error state keys 160 with the error differential, which may comprise decreasing error weights of respective cyber-physical components 102 , cyber regions, and/or physical control regions, of the isolated portions of the low-error state keys 160 , as disclosed herein.
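- The comparison and attribution of steps 1130 and 1140 can be sketched as follows. This is an added example, not code from the patent: the component names, the midpoint rule for separating high-error from low-error keys, and the equal split of the differential across isolated components are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyResult:
    """Result of communicating one overlapping state key (constructed model)."""
    key_id: str
    components: frozenset  # components on the isolation paths its fragments used
    error: float           # error metric determined for the key


def attribute_error(results, weights, threshold):
    """One pass of steps 1130-1140; returns (weights, differential, suspects)."""
    errors = [r.error for r in results]
    differential = max(errors) - min(errors)
    if differential <= threshold:
        # Step 1130: the keys agree, so nothing can be isolated on this pass.
        return dict(weights), differential, frozenset()

    # Assumption: keys above the midpoint of the error range are "high-error".
    cut = (max(errors) + min(errors)) / 2.0
    high = [r for r in results if r.error > cut]
    low = [r for r in results if r.error <= cut]
    low_cover = frozenset().union(*(r.components for r in low))
    high_cover = frozenset().union(*(r.components for r in high))
    low_mean = sum(r.error for r in low) / len(low)

    updated = dict(weights)
    suspects = set()
    for r in high:
        # Isolated portion: on this high-error key's paths, on no low-error path.
        isolated = r.components - low_cover
        if not isolated:
            continue  # fully overlapped by low-error keys, nothing to blame
        share = (r.error - low_mean) / len(isolated)  # assumption: equal split
        for c in isolated:
            updated[c] = updated.get(c, 0.0) + share
        suspects |= isolated

    # Components seen only by low-error keys are disassociated from the error.
    cleared = low_cover - high_cover
    for c in cleared:
        updated[c] = max(0.0, updated.get(c, 0.0) - differential / len(cleared))
    return updated, differential, frozenset(suspects)


def rank_suspects(weights):
    """Components ordered from most to least suspect (ties broken by name)."""
    return sorted(weights, key=lambda c: (-weights[c], c))


# Constructed sample: three overlapping keys sharing controller-1.
SAMPLE_RESULTS = [
    KeyResult("key-A", frozenset({"switch-1", "controller-1", "actuator-1", "sensor-1"}), 0.02),
    KeyResult("key-B", frozenset({"switch-2", "controller-1", "actuator-1", "sensor-1"}), 0.41),
    KeyResult("key-C", frozenset({"switch-2", "controller-1", "actuator-2", "sensor-2"}), 0.38),
]
INITIAL_WEIGHTS = {c: 0.2 for r in SAMPLE_RESULTS for c in r.components}

if __name__ == "__main__":
    new_weights, delta_e, suspects = attribute_error(SAMPLE_RESULTS, INITIAL_WEIGHTS, 0.1)
    print(round(delta_e, 2), rank_suspects(new_weights))
```

In the sample, switch-2 lies on both high-error keys and on no low-error key, so it accumulates the largest weight, while switch-1 (seen only by the low-error key) is driven to zero.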
- the RS agent 110 may be configured to determine error associated with the communication of state keys 160 through respective CPCE 105 of the control system 101 (and/or respective cyber-physical components 102 , CPCE sections 109 , and/or the like).
- the state keys 160 may comprise CPKD 162 , which may be configured to characterize the acquired cyber-physical state of the control system 101 (e.g., may comprise and/or be derived from the cyber-physical state metadata 111 ).
- the RS agent 110 may be configured to acquire cyber-physical state information pertaining to the control system 101 .
- the RS agent 110 may be configured to acquire the cyber-physical state information in conjunction with the communication of state keys 160 through selected regions of the control system 101 .
- the RS agent 110 may be configured to acquire cyber-physical state information from the same and/or similar region as the regions through which the state keys 160 are communicated (and/or corresponding cyber-physical reconstruction data are returned).
- the error metrics 175 associated with the state keys 160 may, therefore, indicate a likelihood that cyber-physical state information acquired in conjunction with communication of the state keys 160 accurately reflects the cyber-physical state of the control system 101 .
- FIG. 12A is a schematic block diagram of another embodiment of cyber-physical system 100 comprising an RS agent 110 , as disclosed herein.
- the RS agent 110 may comprise a security engine 1210 , key generator 1212 , communication manager 1216 , and cyber-physical error monitor (error monitor 1218 ), which may be configured to, inter alia, communicate state keys 160 through the control system 101 , determine error metrics 175 corresponding to communication of the state keys 160 (and/or respective fragments 161 A-N thereof), and/or determine cyber-physical health metadata 180 for the control system 101 based on, inter alia, the determined error metrics 175 .
- the RS agent 110 may further comprise an acquisition engine 1206 and state engine 1290 , which may be configured to, inter alia, acquire the cyber-physical state 1201 of the control system 101 and/or respective regions thereof (denoted as cyber-physical state 1201 in FIG. 12A ).
- the RS agent 110 may comprise, be embodied by, and/or be coupled to computing resources 201 , which may include, but are not limited to: processing resources 202 , storage resources 204 , cyber communication resources 206 , and/or the like, as disclosed herein.
- Portions of the RS agent 110 may be embodied by the computing resources 201 (e.g., may comprise and/or be embodied by hardware components of the computing resources 201 , such as one or more processors, programmable logic, and/or the like).
- one or more of 1206 , 1210 , 1212 , 1216 , 1218 , and/or 1219 may be embodied as computer-readable instructions 205 stored within the non-transitory storage resources 206 , as disclosed herein.
- the security engine 1210 may be configured to implement a security policy 211 , as disclosed herein, which may comprise and/or correspond to a coverage schema 511 .
- the coverage schema 511 may comprise a scheme for the generation and/or communication of state keys 160 (and/or respective fragments 161 A-N thereof), as disclosed herein.
- the security engine 1210 may be further configured to implement mitigation operations based on and/or in response to error metrics 175 and/or the determined cyber-physical health metadata 180 , as disclosed herein.
- the key generator 1212 may be configured to generate state keys 160 comprising respective CPKD 162 and/or split the state keys 160 into respective fragments 161 A-N, each fragment 161 A-N comprising a respective CPKD fragment 163 A-N, as disclosed herein.
- the communication manager 1216 may be configured to communicate fragments 161 A-N of the state keys 160 through respective CPC paths 108 of the control system 101 , and acquire validation data 171 A-N in response to communication of the fragments 161 A-N, as disclosed herein.
- the error monitor 1218 may be configured to monitor error introduced during communication of state keys 160 (and/or state key fragments 161 A-N) through CPE paths 108 of the control system 101 , which may comprise generating cyber-physical reconstructions of the state keys 160 (validation keys 170 ) by use of the acquired validation data 171 A-N, and/or comparing the state keys 160 to corresponding validation keys 170 , as disclosed herein.
- Generating the validation keys 170 may comprise reconstructing validation CPKD fragments 173 A-N from acquired validation data 171 A-N and/or reconstructing validation CPKD 172 for respective state keys 160 by use of the validation CPKD fragments 173 A-N, as disclosed herein.
- the RS agent 110 may further comprise an acquisition engine 1206 , which may be configured to acquire cyber-physical state data 1207 corresponding to the cyber-physical state metadata 111 , which, as disclosed herein may be configured to comprise, define, and/or characterize the cyber-physical state of the control system 101 and/or respective regions thereof.
- the acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 pertaining to: cyber state metadata 220 , one or more cyber state parameters 222 , one or more cyber state signatures 228 , physical state metadata 240 , one or more physical state parameters 242 , one or more physical state signatures 248 , portion(s) thereof and/or the like.
- the acquisition engine 1206 may be configured to acquire cyber-physical state information pertaining to respective: cyber-physical components 102 , CPCE 105 , CPE paths 108 , CPE sections 109 , cyber components 120 , the CS network 122 (and/or portions thereof), cyber nodes 124 , cyber paths 126 , cyber sections 129 , computational components 130 , physical components 140 (e.g., sensor devices 144 , actuator devices 146 , and/or the like), PPV 155 (e.g., physical processes 150 , physical process attributes 152 , and/or the like), physical control couplings 148 , physical control sections 149 , and/or the like.
- the acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 using any suitable means, mechanism and/or technique, as disclosed herein, which may include, but is not limited to: requesting cyber-physical state information (e.g., sending requests for cyber-physical state information through the CS network 122 ), capturing messages comprising cyber-physical state information, capturing control messages communicated between respective computational components 130 and physical components 140 (e.g., messages between a controller 132 and one or more sensor and/or actuator devices 144 / 146 ), capturing messages on the CS network 122 , inspecting messages being communicated on the CS network 122 (e.g., deep packet inspection), extracting cyber-physical state information messages on the CS network 122 , acquiring cyber-physical state information from message(s) comprising validation data 171 returned in response to communication of respective state keys 160 and/or state key fragments 161 , and/or the like.
- the acquisition engine 1206 may be configured to acquire cyber-physical state information from the control system 101 (and/or respective regions thereof) in accordance with the coverage schema 511 , as disclosed herein.
- the coverage schema 511 may comprise any suitable information pertaining to the acquisition of cyber-physical state data 1207 including, but not limited to: an acquisition frequency (e.g., may specify the frequency at which the acquisition engine 1206 is configured to acquire cyber-physical state data 1207 pertaining to respective regions of the control system 101 ), an acquisition period (e.g., may specify a period at which the acquisition engine 1206 is configured to acquire cyber-physical state data 1207 pertaining to respective regions of the control system 101 ), a monitoring frequency, a monitoring period, a continuous acquisition scheme, a continuous monitoring scheme, a discrete acquisition scheme, a discrete monitoring scheme, a staged monitoring scheme, a staged acquisition scheme, and/or the like.
- the acquisition engine 1206 may acquire cyber-physical state data 1207 configured to characterize the cyber-physical state 1201 of the control system 101 at designated acquisition times ⁇ (the acquisition times ⁇ corresponding to an acquisition frequency, period, continuous acquisition, staged acquisition, and/or the like). As disclosed above, the acquisition engine 1206 may be configured to acquire the cyber-physical state data 1207 by a plurality of different means and/or from a plurality of different sources (e.g., different cyber-physical components 102 ).
- Acquiring cyber-physical state data 1207 corresponding to a designated acquisition time ⁇ may, therefore, comprise acquiring a plurality of cyber-physical state (CPS) datasets 1209 , each CPS dataset 1209 corresponding to the same (or similar) acquisition time ⁇ , and comprising cyber and/or physical state data 1207 captured by respective means and/or acquired from a respective source (e.g., respective cyber-physical components 102 ).
- Acquiring cyber-physical state information 1201 corresponding to an acquisition time ⁇ may comprise generating, requesting, and/or receiving a plurality of CPS datasets 1209 , and associating the CPS datasets 1209 with the acquisition time ⁇ .
- the associating may comprise synchronizing the CPS datasets 1209 in accordance with, inter alia, acquisition latencies of the CPS datasets 1209 .
- the acquisition latency (L ACQ ) of a CPS dataset 1209 refers to a latency between the time at which the acquisition engine 1206 attempts and/or expects to acquire the CPS dataset 1209 and the time at which the particular CPS dataset 1209 is received, captured, extracted, and/or otherwise acquired by the acquisition engine 1206 .
- the acquisition latency (L ACQ ) of a CPS dataset 1209 may comprise a latency for: communication of a request to a source of the CPS dataset 1209 (a particular cyber-physical component 102 ), acquisition of the CPS dataset 1209 at the source, communication of the CPS dataset 1209 back to the acquisition engine 1206 , acquisition of the CPS dataset 1209 by the acquisition engine (e.g., latency for monitoring, capturing, inspecting, extracting, and/or otherwise acquiring the CPS dataset 1209 at the RS agent 110 ), and/or the like.
- the synchronizing may comprise correlating the acquisition time ⁇ (a timestamp and/or other identifying information) with received CPS datasets 1209 (e.g., timestamps and/or other identifying information of the CPS datasets 1209 ).
- the acquisition engine 1206 may be configured to evaluate acquisition latencies of the CPS datasets 1209 , and may reject CPS datasets 1209 having acquisition latencies that exceed one or more latency thresholds (e.g., reject CPS datasets 1209 where L ACQ > ⁇ AT, where ⁇ AT is an acquisition latency threshold).
- the acquisition engine 1206 may be further configured to synchronize cyber and/or physical state information of the CPS datasets 1209 .
- the synchronizing may comprise mitigating state synchronization deviation between the CPS datasets 1209 .
- The acquisition engine 1206 may be configured to synchronize cyber-physical state information of the CPS datasets 1209, such that the cyber-physical state information of the CPS datasets 1209 corresponds to a same (and/or substantially same) acquisition time (e.g., acquisition time ⁇ ).
- the CPS datasets 1209 may comprise timestamps and/or other synchronization information indicating acquisition times for the cyber and/or physical state information thereof.
- the acquisition engine 1206 may determine the CPS acquisition time ( ⁇ CPS ) of respective CPS datasets 1209 by, inter alia, inspecting cyber-physical state information of the CPS datasets 1209 , evaluating timestamps associated with the cyber-physical state information, accessing synchronization information of the CPS datasets 1209 (e.g., accessing timestamps associated with sensor, actuator, and/or control data of the CPS dataset 1209 ), and/or the like.
- the acquisition engine 1206 may be configured to estimate the CPS acquisition time ( ⁇ CPS ) of a CPS dataset 1209 based on a latency involved in requesting, capturing, extracting, and/or otherwise acquiring the CPS dataset 1209 .
- the CPS acquisition time ( ⁇ CPS ) of a CPS dataset 1209 may correspond to a latency involved in requesting the CPS dataset 1209 (e.g., latency for communication of a request to a cyber-physical component 102 (L REQ ), such that the cyber and/or physical state information returned therefrom corresponds to ⁇ +L REQ rather than ⁇ ).
- The L REQ for respective sources of CPS datasets 1209 may be defined by, inter alia, cyber state metadata 220 pertaining to cyber paths 126 and/or cyber nodes 124 therebetween coupling the RS agent 110 to the respective sources.
- the acquisition engine 1206 may determine the CPS acquisition time ( ⁇ CPS ) for a CPS dataset 1209 received from a cyber-physical component 102 configured to send cyber-physical state information to the RS agent 110 in accordance with a particular monitoring scheme.
- the acquisition engine 1206 may be configured to modify the cyber-physical state information of one or more CPS datasets 1209 in accordance with the determined CPS acquisition times ( ⁇ CPS ), latencies, and/or state deviations S DEV thereof.
- the acquisition engine 1206 may be configured to ignore S DEV that are unlikely to adversely affect the accuracy of the cyber-physical state metadata 111 (e.g., may ignore S DEV lower than a state deviation threshold).
- the acquisition engine 1206 may be configured to mitigate state deviations (S DEV ), which may comprise modifying the cyber-physical state information having state deviations S DEV that exceed one or more thresholds.
- the acquisition engine 1206 may be configured to modify the cyber-physical state information in accordance with a model, such as a process model, observer model, Kalman filter, and/or the like, as disclosed in further detail herein. Alternatively, or in addition, the acquisition engine 1206 may be configured to adapt acquisition of the respective CPS datasets 1209 to, inter alia, reduce the S DEV thereof (and/or reduce differences in CPS acquisition times ( ⁇ CPS ) therebetween).
- the acquisition engine 1206 may be configured to schedule acquisition of respective CPS datasets 1209 based on the S DEV thereof, which may comprise scheduling communication of requests for one or more CPS datasets 1209 (e.g., scheduling the requests in accordance with request latencies L REQ of respective sources of cyber-physical state information of the one or more CPS datasets 1209 ), configuring respective sources to acquire and/or communicate cyber-physical state information in accordance with target acquisition times ⁇ (e.g., synchronizing monitoring schemes of one or more cyber-physical components 102 with target acquisition times ⁇ ), scheduling operations to generate one or more CPS datasets 1209 (e.g., scheduling the operations based on latencies L GEN for the acquisition engine 1206 to generate cyber-physical state information of the one or more CPS datasets 1209 ), and/or the like.
- Acquiring cyber-physical state data 1207 configured to characterize the cyber-physical state of the control system 101 at a target acquisition time ⁇ may comprise the acquisition engine 1206 sending requests for respective cyber-physical state information prior to the acquisition time ⁇ (e.g., sending a request for a CPS dataset 1209 at ⁇ L REQ , where L REQ is the request latency of the source of the cyber-physical state information of the CPS dataset 1209 ).
- the acquisition engine 1206 may be further configured to schedule operations to generate cyber-physical state information prior to the acquisition time ⁇ (e.g., schedule operations to monitor, capture, inspect, and/or extract cyber-physical state information from messages on the CS network 122 at ⁇ L GEN , where L GEN is the latency for generation of the cyber-physical state information by the acquisition engine 1206 ).
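- The request scheduling and latency checks described above can be sketched as follows. This is an added example, not code from the patent: the millisecond time base, the source names, both thresholds, and the use of the request send time as the moment acquisition is attempted are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Source:
    name: str
    l_req_ms: int  # request latency (L REQ) from the agent to this source


@dataclass(frozen=True)
class CpsDataset:
    source: str
    sent_ms: int                      # when the request was sent
    received_ms: int                  # when the dataset reached the agent
    sampled_ms: Optional[int] = None  # source timestamp, when one is supplied


def plan_requests(target_ms, sources):
    """Send each request L REQ before the target so samples land on the target."""
    return sorted((target_ms - s.l_req_ms, s.name) for s in sources)


def cps_acquisition_time(ds, by_name):
    """Use the source timestamp, else estimate it as send time plus L REQ."""
    if ds.sampled_ms is not None:
        return ds.sampled_ms
    return ds.sent_ms + by_name[ds.source].l_req_ms


def synchronize(target_ms, datasets, sources, max_latency_ms, max_skew_ms):
    """Sort datasets into accepted, needing mitigation, or rejected."""
    by_name = {s.name: s for s in sources}
    result = {"accepted": [], "mitigate": [], "rejected": []}
    for ds in datasets:
        # Acquisition latency (L ACQ), measured here from the request send time.
        l_acq = ds.received_ms - ds.sent_ms
        if l_acq > max_latency_ms:
            result["rejected"].append((ds.source, l_acq))
            continue
        # Difference between when the state was sampled and the target time.
        skew = cps_acquisition_time(ds, by_name) - target_ms
        # Small skews are ignored; larger ones are only flagged here. The
        # model-based correction the text mentions is outside this sketch.
        bucket = "accepted" if abs(skew) <= max_skew_ms else "mitigate"
        result[bucket].append((ds.source, skew))
    return result


# Constructed sample: four sources and one acquisition round at t = 10 000 ms.
TARGET_MS = 10_000
SOURCES = [
    Source("sensor-1", 40),
    Source("sensor-2", 40),
    Source("actuator-1", 15),
    Source("controller-1", 120),
]
DATASETS = [
    CpsDataset("sensor-1", 9_960, 10_045, 10_001),       # on time, 1 ms skew
    CpsDataset("actuator-1", 9_985, 10_020),             # no timestamp: estimated
    CpsDataset("controller-1", 9_880, 10_400, 10_000),   # arrives too late
    CpsDataset("sensor-2", 9_960, 10_050, 9_700),        # stale sample
]

if __name__ == "__main__":
    print(plan_requests(TARGET_MS, SOURCES))
    print(synchronize(TARGET_MS, DATASETS, SOURCES, 300, 50))
```

The stale sensor-2 dataset arrives within the latency bound but carries a sample time 300 ms before the target, so it is held for mitigation instead of being merged with the on-time datasets.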
- the acquisition engine 1206 may be further configured to derive acquired cyber-physical state metadata 1211 from the acquired cyber-physical state data 1207 .
- The acquisition engine 1206 may be configured to derive: acquired cyber state metadata 1211 corresponding to the cyber state metadata 220 (and/or respective portions thereof), acquired cyber state parameters 1222 corresponding to one or more cyber state parameters 222, acquired cyber state signatures 1228 corresponding to one or more cyber state signatures 228 (and/or portions thereof), acquired physical state metadata 1240 corresponding to the physical state metadata 240 (and/or respective portions thereof), acquired physical state parameters 1242 corresponding to one or more physical state parameters 242, acquired physical state signatures 1248 corresponding to one or more physical state signatures (and/or portions thereof), and so on.
- the deriving may include, but is not limited to: extracting features from the acquired cyber-physical state data 1207 , performing calculations on the acquired cyber-physical state data 1207 (e.g., calculating statistical characteristics of cyber communication at particular cyber nodes 124 , as disclosed herein), extrapolating acquired cyber state parameters 1222 and/or physical state parameters 1242 from the acquired cyber-physical state data 1207 , estimating acquired cyber state parameters 1222 and/or physical state parameters 1242 from the acquired cyber-physical state data 1207 , predicting acquired cyber state parameters 1222 and/or physical state parameters 1242 from the acquired cyber-physical state data 1207 , and/or the like.
- the deriving may further comprise calculating one or more CPSS 118 signatures characterizing the acquired cyber-physical state metadata 1211 , which may include acquired cyber state signatures 1228 , acquired physical state signatures 1248 , and/or the like.
- the acquisition engine 1206 may be configured to generate the signatures 1228 and/or 1248 in accordance with the signature schema 116 , as disclosed herein.
- the RS agent 110 may further comprise a state engine 1290 , which may be configured to incorporate the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111 .
- incorporating the acquired cyber-physical state metadata 1211 may comprise importing the acquired cyber-physical state metadata 1211 into the cyber-physical metadata 111 .
- the importing may comprise replacing existing cyber-physical state metadata 111 (if any) with the acquired cyber-physical state metadata 1211 .
- the importing may comprise retaining cyber-physical state metadata 111 configured to characterize the cyber-physical state of the control system 101 at one or more previous acquisition times, as disclosed in further detail herein.
- the state engine 1290 may be further configured to update the cyber-physical state metadata 111 with acquisition information (e.g., associate the cyber-physical state metadata 111 with the acquisition time(s) thereof, as disclosed herein).
- the acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 (and/or CPS datasets 1209 ) in conjunction with communication of state keys 160 by the communication manager 1216 .
- the RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101 .
- the region of the control system 101 covered by a state key 160 may, therefore, refer to the region of the control system 101 through which the state key 160 is to be communicated.
- the acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 from regions of the control system 101 covered by respective state keys 160 .
- the acquisition engine 1206 may be configured to acquire the cyber-physical state data 1207 during communication of the respective state keys 160 (e.g., concurrently with communication of the state keys 160 ).
- Communication of a state key 160 through a selected region of the control system 101 may trigger acquisition of cyber-physical state information pertaining to the selected region by the acquisition engine 1206 (e.g., the time at which the state key 160 is communicated may comprise and/or correspond to the target acquisition time ⁇ of the acquisition engine 1206 ).
- the acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 pertaining to, inter alia, cyber-physical components 102 within the region covered by the state key 160 .
- Error metrics 175 of the respective state keys 160 may, therefore, accurately indicate the likelihood of error in the corresponding acquired cyber-physical state data 1207 (and/or the acquired cyber-physical state metadata 1211 derived therefrom).
- the acquisition engine 1206 may be further configured to acquire cyber-physical state data 1207 (and/or respective CPS datasets 1209 ) in conjunction with communication of state key fragments 161 .
- communicating a state key 160 through a selected region of the control system 101 may comprise communicating fragments 161 A-N of the state key 160 through CPC paths 108 of the selected region.
- Communicating a state key fragment 161 through a CPC path 108 of a CPCE 105 may comprise: sending the fragment 161 through a first cyber path 126 (to a correlator 166 , such as an actuator device 146 , controller 132 , and/or the like), communicating corresponding validation data 171 to a receiver 168 (e.g., a sensor device 144 , controller 132 , and/or the like) by a physical control coupling 148 that comprises and/or corresponds to a PPV 155 of the CPCE 105 , and returning the validation data 171 through a second cyber path 126 .
- Acquiring cyber-physical state data 1207 in conjunction with communication of a state key fragment 161 through a CPC path 108 may comprise acquiring cyber-physical state data 1207 pertaining to the CPE path 108 (e.g., acquiring CPS datasets 1209 pertaining to cyber-physical components 102 of the CPE path 108 ).
- acquiring cyber-physical state data 1207 corresponding to a state key 160 may comprise acquiring a plurality of regional cyber-physical state (RCPS) datasets 1217 A-N, the RCPS datasets 1217 A-N comprising cyber and/or physical state data 1207 corresponding to communication of a respective fragment 161 A-N of the state key 160 through a respective CPC path 108 .
- the RCPS dataset 1217 corresponding to communication of a state key fragment 161 may include, but is not limited to cyber-physical state information pertaining to: cyber-physical components 102 of the CPE path 108 , one or more cyber paths 126 , one or more physical control couplings 148 , one or more PPV 155 , and/or the like.
- Acquiring an RCPS dataset 1217 may comprise acquiring one or more CPS datasets 1209 corresponding to a target acquisition time ⁇ , as disclosed herein.
- the CPE paths 108 through which respective state key fragments 161 A-N are communicated may overlap (may have one or more cyber-physical components 102 in common).
- the acquisition engine 1206 may be configured to adapt acquisition of the RCPS data 1217 A-N to prevent redundant acquisition (e.g., prevent acquisition of same cyber-physical state data 1207 in conjunction with communication of different fragments 161 A-N of same state keys 160 ).
- the acquisition engine 1206 may be further configured to derive acquired cyber-physical state metadata 1211 from the RCPS data 1217 A-N, which may be incorporated into the cyber-physical state metadata 111 , as disclosed herein.
- the security engine 1210 may be configured to, inter alia, determine error metrics 175 in response to communication of respective state keys 160 , which may comprise determining key errors 176 quantifying differences between state keys 160 and corresponding cyber-physical reconstructions thereof (validation keys 170 ) and/or fragment errors 177 A-N quantifying differences between fragments 161 A-N of the respective state keys 160 and corresponding cyber-physical reproductions thereof (respective validation data 171 A-N).
- the security engine 1210 may be further configured to determine cyber-physical health metadata 180 pertaining to the control system 101 based on, inter alia, the determined error metrics 175 .
- the acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 in conjunction with communication of respective state keys 160 (and/or fragments 161 thereof).
- the acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 configured to cover the same and/or similar regions as the respective state keys 160 .
- the error metrics 175 determined in response to communication of the respective state keys 160 may, therefore, indicate whether the corresponding acquired cyber-physical state metadata 1211 comprises an accurate characterization of the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof).
- the security engine 1210 may be configured to determine CPSC metrics 575 , which may be configured to quantify a confidence in the cyber-physical state metadata 111 (and/or respective portions thereof), as disclosed herein.
- the security engine 1210 may be further configured to determine CPSC metrics 575 pertaining to the acquired cyber-physical state metadata 1211 .
- the CPSC metrics 575 may be based on, inter alia, error metrics 175 of the state keys 160 corresponding to the acquired cyber-physical state metadata 1211 .
- the CPSC metrics 575 may comprise an acquisition confidence 1276 , which may quantify a confidence that the acquired cyber-physical state metadata 1211 accurately represents the cyber-physical state 1201 of the control system 101 (and/or regions of the control system 101 covered by the state keys 160 associated therewith).
- the acquisition confidence 1276 determined for acquired cyber-physical state metadata 1211 obtained in conjunction with communication of particular state keys 160 may correspond to error metrics 175 (e.g., key errors 176 ) of the particular state keys 160 .
- the CPSC metrics 575 may further comprise one or more acquisition set confidences 1277 A-N, which may quantify a confidence that portions of the acquired cyber-physical state metadata 1211 derived from respective acquired RCPS data 1217 A-N accurately represent the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof).
- the acquisition set confidences 1277 A-N determined for acquired cyber-physical state metadata 1211 obtained in conjunction with communication of respective fragments 161 A-N of particular state keys 160 may correspond to error metrics 175 of the particular state keys 160 (e.g., respective fragment errors 177 A-N of the particular state keys 160 ).
- The CPSC metrics 575 may further incorporate characteristics pertaining to the acquisition of the cyber-physical state metadata 1211 from the control system 101, such as state acquisition noise, acquisition latency, acquisition frequency, state jitter, state deviation, and/or the like, as disclosed herein.
- the state engine 1290 may be configured to incorporate acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111 .
- the state engine 1290 may be configured to incorporate the acquired cyber-physical state metadata 1211 in accordance with the CPSC metrics 575 thereof.
- the state engine 1290 may be configured to import the acquired cyber-physical state metadata 1211 into the cyber-physical metadata 111 , as disclosed herein (e.g., replace existing cyber-physical state metadata 111 with the acquired cyber-physical state metadata 1211 ).
- the importing may comprise updating the cyber-physical state metadata 111 to indicate, inter alia, times at which respective portions of the cyber-physical state metadata 111 were acquired (e.g., specify the acquisition time ⁇ of the imported cyber-physical state metadata 111 ).
- the state engine 1290 may be configured to discard cyber-physical state metadata 111 replaced by the acquired cyber-physical state metadata 1211 (e.g., discard cyber-physical state metadata 111 acquired prior to the current acquisition time ⁇ ).
- the state engine 1290 may be configured to maintain cyber-physical state metadata 111 corresponding to one or more previous acquisition times ⁇ in a data store (e.g., historical data store 1219 ).
- the historical data store 1219 may comprise any suitable storage means, as disclosed herein.
- the historical data store 1219 may comprise and/or correspond to storage resources of the RS agent 110 .
- the historical data store 1219 may comprise external storage resources (e.g., may comprise data storage resources of another cyber-physical component 102 of the control system 101 ).
- the historical data store 1219 may comprise a plurality of historical cyber-physical state datasets, each comprising cyber-physical state metadata 111 corresponding to a respective time.
- Importing the acquired cyber-physical state metadata 1211 may further comprise determining cyber-physical health metadata 180 based on, inter alia, error and/or CPSC metrics 175 / 575 corresponding to the acquired cyber-physical state metadata 1211 as disclosed herein.
- the state engine 1290 may be configured to determine whether to import acquired cyber-physical state metadata 1211 based on the error and/or CPSC metrics 175 / 575 thereof.
- the state engine 1290 may compare the error and/or CPSC metrics 175 / 575 of the acquired cyber-physical state metadata 1211 to one or more thresholds, and may determine whether to incorporate the acquired cyber-physical state metadata 1211 based on the comparing.
- the state engine 1290 may defer incorporation of low-confidence acquired cyber-physical state metadata 1211 (acquired cyber-physical state metadata 1211 having error and/or CPSC metrics 175 / 575 that fail to satisfy one or more error and/or confidence thresholds).
- the state engine 1290 may configure subsequent state keys 160 to cover the same and/or overlapping regions of the control system 101 .
- the state engine 1290 may evaluate the resulting error and/or CPSC metrics 175 / 575 , determine whether the error and/or CPSC metrics 175 / 575 satisfy the error and/or confidence thresholds, and, if so, import the more recently acquired cyber-physical state metadata 1211 .
- state engine 1290 may incorporate the acquired cyber-physical state metadata 1211 , which may comprise recording the low CPSC metrics 575 associated therewith in the cyber-physical health metadata 180 , as disclosed herein.
- the state engine 1290 may be further configured to update corresponding acquisition parameters 112 to indicate the low CPSC metrics 575 and/or mark the corresponding portions of the cyber-physical state metadata 111 for reacquisition.
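The import decision described above (compare the metrics to thresholds, defer low-confidence state and request overlapping coverage, otherwise import while recording the low confidence and marking the region for reacquisition) can be sketched as follows. This is an added illustration, not code from the patent: the class and field names, the threshold values and the retry budget are all assumptions.

```python
from dataclasses import dataclass, field

# Assumed values: the text only says "one or more error and/or confidence thresholds".
MAX_ERROR = 0.10        # highest acceptable state-key error metric
MIN_CONFIDENCE = 0.80   # lowest acceptable CPSC metric
MAX_DEFERRALS = 2       # hypothetical retry budget before importing anyway


@dataclass
class Acquired:
    """Acquired state for one region, with the metrics of the state key that covered it."""
    region: str
    acq_time: int
    state: dict
    error: float
    confidence: float


@dataclass
class StateEngine:
    current: dict = field(default_factory=dict)    # region -> Acquired
    history: list = field(default_factory=list)    # replaced states (historical store)
    health: dict = field(default_factory=dict)     # region -> recorded metrics
    reacquire: set = field(default_factory=set)    # regions the next state keys should cover
    deferrals: dict = field(default_factory=dict)  # region -> consecutive deferrals

    def offer(self, acq):
        prev = self.current.get(acq.region)
        if prev is not None and acq.acq_time <= prev.acq_time:
            return "stale"   # added guard: never replace newer state with older state
        ok = acq.error <= MAX_ERROR and acq.confidence >= MIN_CONFIDENCE
        tries = self.deferrals.get(acq.region, 0)
        if not ok and tries < MAX_DEFERRALS:
            # Defer: keep the existing state and ask for overlapping coverage.
            self.deferrals[acq.region] = tries + 1
            self.reacquire.add(acq.region)
            return "deferred"
        if prev is not None:
            self.history.append(prev)   # destage the replaced state
        self.current[acq.region] = acq
        self.deferrals.pop(acq.region, None)
        self.health[acq.region] = {"error": acq.error, "confidence": acq.confidence,
                                   "low_confidence": not ok}
        if ok:
            self.reacquire.discard(acq.region)
            return "imported"
        self.reacquire.add(acq.region)   # imported, but still marked for reacquisition
        return "imported_low_confidence"
```
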
- the RS agent 110 may be configured to generate and/or communicate state keys 160 in accordance with a coverage schema 511 .
- the coverage schema 511 may comprise selection criteria by which regions of the control system 101 may be selected for coverage by respective state keys 160 (and/or respective fragments 161 A-N thereof). Selecting a region for a state key 160 may comprise selecting a region through which the state key 160 (and/or fragments 161 A-N thereof) are to be communicated. The selecting may further comprise selecting the region for acquisition of cyber-physical state metadata 1211 therefrom, as disclosed herein.
- the coverage schema 511 may comprise a weighted selection criterion that incorporates various factors pertaining to respective regions of the control system 101 (e.g., respective CPCE 105 ), such as a priority, error metrics 175 , error metric age, and/or the like.
- the coverage schema 511 may comprise weighted selection criteria corresponding to acquisition of cyber-physical state metadata 1211 pertaining to respective regions of the control system 101 .
- the selection criteria may configure the communication of state keys 160 to ensure coverage of the control system 101 by the acquired cyber-physical state metadata 1211 .
- weights may be assigned to respective CPCE 105 as follows:
- W_i is the weight assigned to a particular CPCE 105
- W_pri,i may be a priority weighting factor
- W_err may be an error weighting and/or scaling factor applied to error metrics 175 and/or error metric parameters 181 of the CPCE 105 (e_i)
- W_err_age may be a weighting and/or scaling factor applied to an error age parameter (err_age_i), as disclosed herein.
- the weighting may further comprise a confidence weighting factor (W_c) applied to a cyber-physical state confidence parameter (c_i), which may comprise and/or correspond to a confidence that the cyber-physical state metadata 111 corresponding to the CPCE 105 accurately represents the cyber-physical state of the CPCE 105 (e.g., may comprise and/or correspond to confidence metrics of the cyber-physical health metadata 180 and/or CPSC metrics 575 , as disclosed herein).
- the cyber-physical state confidence parameter (c_i) may be inversely proportional to the confidence and/or CPSC metrics 575 , such that CPCE 105 having lower confidence and/or CPSC metrics 575 are prioritized for coverage over CPCE 105 having higher confidence and/or CPSC metrics 575 .
- W_state_age may be a weighting and/or scaling factor applied to a cyber-physical state parameter (state_age_i), which may correspond to an age of cyber-physical state metadata 111 of the CPCE 105 , such that CPCE 105 having higher state age parameters are weighted for selection over other CPCE 105 .
- the time at which error metrics 175 of a CPCE 105 are obtained may correspond to the time at which corresponding cyber-physical metadata 111 are acquired therefrom and, as such, the cyber-physical state age parameter (state_age_i) of a CPCE 105 may be similar to, or the same as, the error age parameter (err_age_i) of the CPCE 105 , such that one or more of the parameters may be omitted (or combined) in the weighting.
- the coverage schema 511 may, therefore, define selection and/or weighting criteria by which regions of the control system 101 may be selected for coverage by respective state keys 160 and/or cyber-physical state metadata 111 are acquired therefrom.
- the coverage schema 511 may define one or more “snapshot” schemes.
- a “snapshot” coverage scheme refers to a coverage scheme in which a set of state keys 160 are configured for communication through a target region of the control system 101 substantially concurrently.
- the target region may comprise and/or correspond to a plurality of CPCE 105 of the control system 101 .
- the target region may cover the control system 101 (e.g., may comprise substantially all of the cyber-physical components 102 , CPE 105 , CPE paths 108 and/or PPV 155 of the control system 101 ).
- Implementing a snapshot scheme covering a target region may comprise configuring a set of state keys 160 to cover the target region (e.g., configuring a set of state keys 160 such that the target region is fully covered by and/or contained within a union of the regions covered by the respective state keys 160 ).
- Communicating a set of state keys 160 “substantially concurrently” may comprise communicating the set of state keys 160 at substantially a same time, substantially simultaneously, in parallel, on separate threads, and/or the like.
- Communicating a set of state keys 160 substantially concurrently may comprise transmitting the state keys 160 independently of acquiring validation keys 170 corresponding thereto (e.g., may comprise transmitting a plurality of state keys 160 of the set prior to acquiring validation keys 170 corresponding to any of the set of state keys 160 ).
- Communicating the set of state keys 160 substantially concurrently may comprise communicating fragments 161 A-N of respective state keys 160 of the set at substantially a same time, substantially simultaneously, in parallel, on separate threads, and/or the like.
- communicating the set of state keys 160 substantially concurrently may comprise interleaving communication of fragments 161 A-N of respective state keys 160 of the set.
- Communicating the set of state keys 160 substantially concurrently may comprise communicating fragments 161 A-N of the state keys 160 independently of acquiring validation data 171 A-N corresponding thereto (e.g., may comprise transmitting a plurality of fragments 161 A-N of a plurality of state keys 160 of the set prior to acquiring validation data 171 A-N corresponding to any of the fragments 161 A-N of any of the state keys 160 of the set).
- Implementing a snapshot scheme may further comprise acquiring cyber-physical state metadata 1211 covering the target region in conjunction with the substantially concurrent communication of the set of state keys 160 .
- Implementing the snapshot scheme may comprise acquiring cyber-physical state metadata 1211 configured to characterize the cyber and/or physical state of the target region at an acquisition time α, the acquisition time α corresponding to concurrent communication of the set of state keys 160 .
- the acquisition engine 1206 may be configured to acquire a plurality of CPS datasets 1209 , each CPS dataset 1209 comprising cyber-physical state data 1207 configured to characterize a cyber and/or physical state of respective portions of the target region.
- Implementing the snapshot scheme may comprise requesting, monitoring, capturing, inspecting, generating, and/or otherwise acquiring the plurality of CPS datasets 1209 substantially concurrently (e.g., at substantially a same time, simultaneously, in parallel, interleaved, and/or the like).
- implementing a snapshot scheme may comprise associating the CPS datasets 1209 with the acquisition time α, synchronizing the CPS datasets 1209 to the acquisition time α, modifying cyber-physical state information of one or more of the CPS datasets 1209 in accordance with the acquisition time α, deriving acquired cyber-physical state metadata 1211 therefrom, and/or the like, as disclosed herein.
- Implementing the snapshot scheme may further comprise the state engine 1290 importing the acquired cyber-physical state metadata 1211 in accordance with the error and/or CPSC metrics 127 / 575 of the corresponding set of state keys 160 , as disclosed herein.
- the cyber-physical state metadata 111 maintained by the state engine 1290 may comprise, define, and/or characterize the cyber-physical state 1201 of the control system 101 , including the cyber state 1202 and the physical state 1204 of the control system 101 (and/or respective regions thereof).
- the cyber state 1202 may comprise and/or be characterized by cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , acquired cyber state metadata 1220 , acquired cyber state parameters 1222 , acquired cyber state signatures 1228 , and/or the like.
- the physical state 1204 may comprise and/or be characterized by physical state metadata 240 , physical state parameters 242 , physical state signatures 248 , acquired physical state metadata 1240 , acquired physical state parameters 1242 , acquired physical state signatures 1248 , and/or the like.
- the security engine 1210 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof) in accordance with error metrics 175 , CPSC metrics 575 , and/or other information pertaining to the communication of state keys 160 and/or acquisition of cyber-physical state metadata 111 , as disclosed herein.
- the security engine 1210 may be further configured to determine the cyber-physical health metadata 180 based on the determined cyber-physical state 1201 of the control system 101 .
- the security engine 1210 may comprise a cyber state evaluator 1252 configured to determine cyber state metrics 553 , which may be configured to quantify a health of the cyber state 1202 of the control system 101 (and/or respective regions thereof), as disclosed herein.
- the security engine 1210 may further comprise a physical state evaluator 1254 configured to determine physical state metrics 555 , which may be configured to quantify a health of the physical state 1204 of the control system 101 (and/or respective regions thereof), as disclosed herein.
- Determining the cyber state metrics 553 may comprise the cyber state evaluator 1252 applying one or more CSER to cyber state characteristics of the control system 101 , as disclosed herein, the cyber state characteristics comprising and/or corresponding to one or more of: the cyber state 1202 of the control system 101 , the cyber state metadata 220 , the acquired cyber state metadata 1220 , portion(s) thereof, and/or the like.
- Determining the physical state metrics 555 may comprise the physical state evaluator 1254 applying one or more PSER to physical state characteristics of the control system 101 , as disclosed herein, the physical state characteristics comprising and/or corresponding to one or more of: the physical state 1204 of the control system 101 , the physical state metadata 240 , the acquired physical state metadata 1240 , portion(s) thereof, and/or the like.
- determining the cyber state metrics 553 may comprise the cyber state evaluator 1252 comparing the acquired cyber state 1202 of the control system 101 (and/or respective regions thereof) to one or more CSB 552 , as disclosed herein.
- the CSB 552 may comprise cyber baseline characteristics, which as disclosed herein, may be configured to characterize respective cyber states 1202 , cyber behaviors, and/or cyber state metadata 220 / 1220 .
- respective CSB 552 may correspond to respective characteristics of the cyber state 1202 of the control system 101 (and/or respective regions thereof), such as the cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , acquired cyber state metadata 1220 , acquired cyber state parameters 1222 , acquired cyber state signatures 1228 , portion(s) thereof, and/or the like.
- respective CSB 552 may be extracted, determined, and/or learned from the cyber state information (e.g., acquired cyber-physical state data 1205 , acquired cyber state metadata 1220 , cyber state metadata 220 , cyber state metadata 20 maintained within the historical data store 1219 , training data and/or the like).
- Determining the cyber state metrics 553 may comprise determining CSB error metrics for respective CSB 552 , which may quantify a degree to which the cyber state 1202 of the control system 101 corresponds to respective CSB 552 , including healthy CSB 552 and unhealthy CSB 552 .
- the comparing may further comprise identifying one or more proximate CSB 552 , which may comprise CSB 552 that most closely correspond to the current cyber state 1202 of the control system 101 , as disclosed herein.
- determining the physical state metrics 555 may comprise the physical state evaluator 1252 comparing the acquired physical state 1204 of the control system 101 (and/or respective regions thereof) to one or more PSB 554 , as disclosed herein.
- the PSB 554 may comprise physical baseline characteristics, which as disclosed herein, may be configured to characterize respective physical states 1204 , physical behaviors, and/or physical state metadata 240 / 1240 .
- respective PSB 554 may correspond to respective characteristics of the physical state 1204 of the control system 101 (and/or respective regions thereof), such as the physical state metadata 240 , physical state parameters 242 , physical state signatures 248 , acquired physical state metadata 1240 , acquired physical state parameters 1242 , acquired physical state signatures 1248 , portion(s) thereof, and/or the like.
- the features of respective PSB 554 may be extracted, determined, and/or learned from the physical state information (e.g., acquired physical-physical state data 1205 , acquired physical state metadata 1240 , physical state metadata 240 , physical state metadata 20 maintained within the historical data store 1219 , training data and/or the like).
- Determining the physical state metrics 555 may comprise determining PSB error metrics for respective PSB 554 , which may quantify a degree to which the physical state 1204 of the control system 101 corresponds to respective PSB 554 , including healthy PSB 554 and unhealthy PSB 554 .
- the comparing may further comprise identifying one or more proximate PSB 554 , which may comprise PSB 554 that most closely correspond to the current physical state 1204 of the control system 101 , as disclosed herein.
- the security engine 1210 may be further configured to incorporate the cyber state metrics 553 into the cyber health metadata 182 , as disclosed herein.
- the security engine 1210 may be configured to determine cyber health metrics 282 for the control system 101 (and/or respective regions thereof), which may comprise and/or correspond to the error and/or CPSC metrics 175 / 575 , as disclosed herein.
- the security engine 1210 may be further configured to incorporate the cyber state metrics 553 into the cyber health metrics 282 , as disclosed herein.
- the cyber health metrics 282 may be based on, inter alia, evaluation of one or more CSER, CSB error metrics of respective CSB 552 (e.g., healthy and/or unhealthy CSB 552 ), and/or the like, as disclosed herein.
- the cyber health metrics 282 may be configured to quantify a degree to which the acquired cyber state 1202 of the control system 101 (and/or respective regions thereof) correspond to healthy and/or unhealthy CSB 552 , identify proximate CSB 552 , and/or the like.
- the security engine 1210 may be further configured to incorporate the physical state metrics 555 into the physical health metadata 184 , as disclosed herein.
- the security engine 1210 may be configured to determine physical health metrics 284 for the control system 101 (and/or respective regions thereof), which may comprise and/or correspond to the error and/or CPSC metrics 175 / 575 , as disclosed herein.
- the security engine 1210 may be further configured to incorporate the physical state metrics 555 into the physical health metrics 284 , as disclosed herein.
- the physical health metrics 284 may be based on, inter alia, evaluation of one or more PSER, PSB error metrics of respective PSB 554 (e.g., healthy and/or unhealthy PSB 554 ), and/or the like, as disclosed herein.
- the physical health metrics 284 may be configured to quantify a degree to which the acquired physical state 1202 of the control system 101 (and/or respective regions thereof) correspond to healthy and/or unhealthy PSB 554 , identify proximate PSB 554 , and/or the like.
- the security engine 1210 may be configured to implement one or more mitigation operations in accordance with the determined cyber-physical state metadata 180 , cyber health metadata 182 , cyber health metrics 282 , physical health metadata 184 , and/or physical health metrics 284 , as disclosed herein.
- the security engine 1210 may be configured to implement mitigation operations in response to cyber and/or physical state metrics 553 / 555 indicating failure of one or more CSER and/or PSER, as disclosed herein.
- the security engine 1210 may be configured to implement mitigation operations in response to cyber and/or physical state metrics 553 / 555 indicating that the cyber and/or physical state 1202 / 1204 of the control system 101 is proximate to unhealthy CSB and/or PSB 552 / 554 .
- the security engine 1210 may be configured to implement mitigation operations in accordance with identified CSER/PSER failures, proximate unhealthy CSB and/or PSB 552 / 554 , and/or the like.
- the cyber state metrics 553 may identify CSER failures and/or indicate that the acquired cyber state 1202 is proximate to (and/or is within a proximity threshold of) an unhealthy CSB 552 .
- a CSER failure and/or proximity to an unhealthy CSB 552 may indicate a particular type of cyber-attack, cyber-attack directed to particular cyber components 120 , compromise of particular cyber components 120 (e.g., one or more cyber nodes 124 ), and/or the like.
- the security engine 1210 may implement corresponding mitigation operations, which may comprise operations to: generate notifications corresponding to the failed CSER, generate notifications indicating the unhealthy CSB 552 , mitigate cyber-attacks and/or cyber-attack vectors associated with the failed CSER and/or unhealthy CSB 552 , which may comprise implementing operations to: mitigate cyber-attacks directed against identified cyber components 120 (e.g., deactivating identified cyber components 120 ), mitigate compromise of identified cyber components 120 (e.g., filter adversarial messages injected by the identified cyber components 120 ), shut down identified cyber-attack vectors (e.g., shut down one or more gateways and/or external channels), and/or the like.
- the security engine 1210 may be further configured to implement mitigation operations in response to failure of one or more PSER and/or determining that the acquired physical state 1204 is proximate to an unhealthy PSB 554 .
- a PSER failure and/or proximity to an unhealthy PSB 554 may indicate a particular type of physical and/or component attack, physical attack vector, physical failure mode, and/or the like.
- the security engine 1210 may implement corresponding mitigation operations, which may comprise operations to: generate notifications indicating the failed PSER, generate notifications indicating the unhealthy PSB 554 , mitigate attack(s) and/or failure modes associated with the failed PSER and/or unhealthy PSB 554 , and/or the like.
- the mitigation operations may comprise operations to mitigate attacks directed against identified computational components 130 (e.g., reset specified computational components 130 , modify control functions implemented thereby, and/or the like), mitigate attacks directed against identified physical components 140 (e.g., ignore sensor data acquired by identified sensor devices 144 and/or deactivate identified actuator devices 146 ), deactivate physical components 140 and/or PPV 155 operating in identified failure modes, and/or the like.
- FIG. 12B is a schematic block diagram of another embodiment of cyber-physical system 100 comprising an RS agent 110 , as disclosed herein.
- the RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101 , and determine error metrics 175 for the state keys 160 , as disclosed herein.
- the RS agent 110 may be further configured to acquire the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof), which may comprise acquiring cyber-physical state metadata 1211 in conjunction with communication of respective state keys 160 (and/or fragments 161 thereof), determining CPSC metrics 575 quantifying a confidence in the accuracy of the acquired cyber-physical state metadata 1211 , and/or incorporating the acquired cyber-physical state metadata 1211 in accordance with the determined CPSC metrics 575 .
- the RS agent 110 may comprise a cyber state evaluator 1252 , which may be configured to, inter alia, determine cyber state metrics 553 for the control system 101 (and/or respective regions thereof) in accordance with the acquired cyber state 1202 , as disclosed herein.
- the RS agent 110 may further comprise a physical state evaluator 1254 , which may be configured to, inter alia, determine physical state metrics 555 for the control system 101 (and/or respective regions thereof) in accordance with the acquired physical state 1204 , as disclosed herein.
- acquiring cyber-physical state metadata 1211 may comprise acquiring cyber-physical state data 1207 configured to comprise, define, and/or characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof) at a specified acquisition time α.
- the corresponding cyber-physical state metadata 111 maintained by the RS agent 110 may correspond to a time previous to the specified acquisition time α (e.g., may correspond to a previous acquisition time α-1 or α- ⁇ , where 1 and/or ⁇ represents the time between the specified acquisition time α and the time at which the cyber-physical state metadata 111 was last acquired, which may correspond to an acquisition frequency and/or period, as disclosed herein).
- the state engine 1290 may be configured to incorporate the acquired cyber-physical state metadata 1211 , which may comprise importing into the cyber-physical state metadata 111 , discarding cyber-physical state metadata 111 replaced thereby, and/or destaging the discarded cyber-physical state metadata 111 to the historical data store 1219 , as disclosed herein.
- the updated cyber-physical state metadata 111 may characterize the cyber and/or physical state 1202 / 1204 of the control system 101 (and/or respective regions thereof) at the specified acquisition time α.
- the state engine 1290 may be further configured to maintain cyber-physical state metadata 111 corresponding to a plurality and/or range of acquisition times α.
- the state engine 1290 may be configured to retain cyber-physical state metadata 111 corresponding to a current acquisition time α and one or more previous acquisition times α-1, α-2, and so on.
- the state engine 1290 is configured to maintain cyber-physical state metadata 111 corresponding to a sliding window of cyber-physical states 1201 of the control system 101 (and/or respective regions thereof), including, but not limited to: a cyber-physical state 1201 A corresponding to a current acquisition time α, a cyber-physical state 1201 B corresponding to a previous acquisition time α-1, and so on, including cyber-physical state 1201 N corresponding to acquisition time α-n.
- Maintaining the cyber-physical state metadata may comprise: acquiring cyber-physical state metadata 1211 at a specified acquisition time α, importing the acquired cyber-physical state metadata 1211 , designating the specified acquisition time α as the current acquisition time α of the cyber-physical state metadata 111 , retaining cyber-physical state metadata 111 corresponding to acquisition times α through α-n, and discarding cyber-physical state metadata 111 corresponding to acquisition times outside of α through α-n.
- the retaining may comprise maintaining multiple versions of cyber-physical state metadata 111 , each version associated with respective acquisition times between α and α-n (e.g., retaining cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , physical state metadata 240 , physical state parameters 242 , and/or physical state signatures 248 having acquisition times between α and α-n).
- the discarding may comprise identifying cyber-physical state metadata 111 having acquisition times outside of α through α-n, removing the identified cyber-physical state metadata 111 , and/or moving the identified cyber-physical state metadata 111 to a data store (e.g., historical data store 1219 , as disclosed above).
- the cyber-physical state metadata 111 maintained by the RS agent 110 may comprise, define, and/or characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof) at respective acquisition times α through α-n, which may correspond to cyber-physical states 1201 A-N, respectively.
- the cyber state evaluator 1252 may be configured to determine cyber state metrics 553 for the control system 101 (and/or respective regions thereof), which may comprise, inter alia, evaluating one or more CSER, as disclosed herein.
- determining the cyber state metrics 553 may comprise comparing one or more of the cyber states 1202 A-N (e.g., the current cyber state 1202 A) to respective CSB 552 , as disclosed herein.
- the physical state evaluator 1254 may be configured to determine physical state metrics 555 for the control system 101 (and/or respective regions thereof), which may comprise, inter alia, evaluating one or more PSER, as disclosed herein.
- determining the physical state metrics 555 may comprise comparing one or more of the physical states 1204 A-N (e.g., the current physical state 1204 A) to respective PSB 554 , as disclosed herein.
- determining the cyber state metrics 553 may comprise evaluating CSER that correspond to a sliding window of cyber states 1202 A-N.
- a CSER may require that a mean message size characteristic of one or more cyber nodes 124 remain below a specified threshold.
- Evaluating the CSER may comprise determining mean message size characteristics of the cyber nodes 124 at respective acquisition times α-n through α (at cyber states 1202 N-A as maintained in the cyber-state metadata 111 ).
- Evaluating the CSER may comprise determining whether the mean message size satisfies the specified threshold throughout the sliding window (from α-n to α).
- evaluating the CSER may comprise calculating a mean message size from α-n through α (e.g., combining mean message size characteristics across cyber states 1202 N-A), and comparing the calculated mean message size to the specified threshold.
- a CSER may pertain to cyber behavior spanning a range of acquisition times (e.g., from α-n to α).
- a CSER may comprise an “unused connection” rule, which may require the number of “unused connections” to be lower than a threshold.
- Evaluating the “unused connection” CSER rule may comprise: identifying requests to open connections at earlier acquisition times in the window (e.g., at or around α-n), and detecting “unused” connections (e.g., detecting connections opened at about acquisition time α-n that remained unused at acquisition time α). Evaluation of the CSER may fail if the number of unused connections exceeds an unused connection threshold.
- determining the physical state metrics 555 may comprise evaluating PSER that correspond to a sliding window of physical states 1204 A-N.
- a PSER may require that generators controlled by one or more CPCE 105 remain in phase, and/or return to in-phase operation within a threshold time after being disturbed.
- Evaluating a PSER may comprise determining whether the physical state metadata 240 indicates that the generators were out-of-phase from α-n to α and, if so, determining an amount of time the generators remained out-of-phase. Evaluation of the PSER may fail in response to determining that the generators were out-of-phase for more than a threshold re-synchronization time.
- a PSER may indicate that an actuator 146 (protective relay) is to open a branch breaker in response to detection of a fault by one or more sensor devices 144 .
- Evaluating the PSER may comprise determining whether a fault was detected during α-n to α (based on physical state metadata 240 of the one or more sensor devices 144 ) and, if so, determining whether the actuator 146 opened the branch breaker in response to detection of the fault. Evaluation of the PSER may fail in response to determining that the actuator device 146 failed to open the branch breaker and/or failed to open the branch breaker by a specified time after detection of the fault.
- CSER and/or PSER pertaining to cyber-physical state 1201 A-N at multiple acquisition times α as described herein, the disclosure is not limited in this regard and could be adapted to use, define, and/or evaluate any suitable cyber and/or physical state characteristics covering any suitable time period, window, and/or time range.
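The sliding-window rules described above (mean message size, unused connections, breaker trip after a fault) can be evaluated over the retained states as in the following sketch. It is an added example, not code from the patent: the snapshot fields, node and connection names, and limits are assumptions, and the sample window is constructed data.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Snapshot:
    """One acquired state at acquisition time t (field names are hypothetical)."""
    t: int
    mean_msg_size: dict                          # cyber node -> mean message size, bytes
    opened: set = field(default_factory=set)     # connections opened at t
    used: set = field(default_factory=set)       # connections that carried traffic at t
    fault: bool = False                          # sensor reports a fault at t
    breaker_open: bool = False                   # protective relay has opened the breaker


class StateWindow:
    """Keeps the states for the n+1 most recent acquisition times."""

    def __init__(self, n):
        self.states = deque(maxlen=n + 1)

    def push(self, snap):
        if self.states and snap.t <= self.states[-1].t:
            raise ValueError("acquisition times must increase")
        self.states.append(snap)   # the deque drops the oldest state past the window


def mean_size_rule(window, limit):
    """CSER: every node's mean message size stays below limit throughout the window."""
    offenders = sorted({(s.t, node) for s in window.states
                        for node, size in s.mean_msg_size.items() if size >= limit})
    return (not offenders, offenders)


def unused_connection_rule(window, max_unused):
    """CSER: count connections opened earlier in the window and never used since."""
    states = list(window.states)
    unused = set()
    for i, s in enumerate(states[:-1]):   # opened at the newest time: too early to judge
        used_since = set().union(*(later.used for later in states[i:]))
        unused |= s.opened - used_since
    return (len(unused) <= max_unused, sorted(unused))


def breaker_rule(window, max_delay):
    """PSER: the breaker opens within max_delay of the first fault in the window."""
    states = list(window.states)
    fault_t = next((s.t for s in states if s.fault), None)
    if fault_t is None:
        return "no_fault"
    open_t = next((s.t for s in states if s.t >= fault_t and s.breaker_open), None)
    if open_t is not None:
        return "cleared" if open_t - fault_t <= max_delay else "failed"
    # No trip seen yet: a failure only once the deadline has passed inside the window.
    return "failed" if states[-1].t - fault_t > max_delay else "pending"


def build_sample_window():
    """Constructed data: five acquisitions pushed into a window holding four."""
    w = StateWindow(n=3)
    w.push(Snapshot(10, {"hmi": 220, "plc-gw": 240}, opened={"c1", "c2"}))
    w.push(Snapshot(11, {"hmi": 230, "plc-gw": 250}, opened={"c3"}, used={"c1"}))
    w.push(Snapshot(12, {"hmi": 225, "plc-gw": 900}, fault=True))
    w.push(Snapshot(13, {"hmi": 228, "plc-gw": 260}, used={"c1"}))
    w.push(Snapshot(14, {"hmi": 231, "plc-gw": 255}, opened={"c4"}, breaker_open=True))
    return w
```

Connection c2 was opened at time 10, which has already left the window, so it is not counted; a deployment that needs it would read the discarded state back from the historical data store.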
- the cyber state evaluator 1252 may be further configured to determine cyber state delta (CyΔ) metrics 1263 .
- Determining the CyΔ metrics 1263 may comprise quantifying changes to the cyber state 1202 of the control system 101 (and/or respective regions thereof) as a function of acquisition time.
- Determining the CyΔ metrics 1263 may comprise correlating cyber state information to a sliding window of cyber states 1202 A-N, which may provide for detection of cyber-attacks resulting in delayed and/or gradual changes to the cyber and/or physical state 1202 / 1204 of the control system 101 .
- the CyΔ metrics 1263 may enable the security engine 1210 to detect and/or mitigate cyber-physical attacks before the cyber state 1202 of the control system 101 exhibits the characteristics thereof (e.g., before the cyber state 1202 transitions from a healthy CSB 552 to an unhealthy CSB 552 ).
- the physical state evaluator 1254 may be further configured to determine physical state Δ (PhyΔ) metrics 1265 . Determining the PhyΔ metrics 1265 may comprise quantifying changes to the physical state 1204 of the control system 101 (and/or respective regions thereof) as a function of acquisition time.
- Determining the PhyΔ metrics 1265 may comprise correlating physical state information to a sliding window of physical states 1204 A-N, which may provide for detection of cyber-physical attacks and/or failure modes resulting in delayed and/or gradual changes to the cyber and/or physical state 1202 / 1204 of the control system 101 .
- the PhyΔ metrics 1265 may enable the security engine 1210 to detect and/or mitigate cyber-physical attacks and/or failure modes before the physical state 1204 of the control system 101 exhibits the characteristics thereof (e.g., before the physical state 1204 transitions from a healthy PSB 554 to an unhealthy PSB 554 ).
- Determining the CyΔ metrics 1263 may comprise the cyber state evaluator 1252 determining differences between respective cyber states 1202 A-N, and quantifying a degree to which the respective cyber states 1202 A-N are trending with respect to the evaluation of one or more CSER. Determining the CyΔ metrics 1263 may comprise determining trends regarding CSER evaluation scores (e.g., whether the CSER scores are trending towards CSER failure). Alternatively, or in addition, determining the CyΔ metrics 1263 may comprise determining trends in CSER failures (e.g., number of CSER failures from acquisition time α-n to α). In some embodiments, determining the CyΔ metrics 1263 may comprise determining whether the acquired cyber states 1202 A-N are trending toward unhealthy CSB 552 and away from healthy CSB 552 (or vice versa).
- Determining the PhyΔ metrics 1265 may comprise the physical state evaluator 1254 determining differences between respective physical states 1204 A-N, and quantifying a degree to which the respective physical states 1204 A-N are trending with respect to the evaluation of one or more PSER. Determining the PhyΔ metrics 1265 may comprise determining trends regarding PSER evaluation scores (e.g., whether the PSER scores are trending towards PSER failure). Alternatively, or in addition, determining the PhyΔ metrics 1265 may comprise determining trends in PSER failures (e.g., number of PSER failures from acquisition time α-n to α).
- determining the PhyΔ metrics 1265 may comprise evaluating differences between respective physical states 1204 A-N, and quantifying a degree to which the acquired physical states 1204 A-N are trending toward unhealthy PSB 554 and away from healthy PSB 554 (or vice versa).
- determining the CyΔ metrics 1263 may comprise estimating a trajectory of the cyber state 1202 of the control system 101 , and/or respective regions thereof (e.g., estimating $\vec{Cy}$).
- the trajectory estimate $\vec{Cy}$ may be based on, inter alia, the sliding window of cyber states 1202 A-N.
- Estimating the trajectory $\vec{Cy}$ may comprise modeling the changes in the cyber states 1202 A-N (e.g., modeling changes to the cyber state 1202 from acquisition time α-n to the current acquisition time α).
- Determining the CyΔ metrics 1263 may further comprise projecting the cyber state 1202 of the control system 101 (and/or respective regions thereof) in accordance with the estimated trajectory $\vec{Cy}$ (e.g., projecting the cyber state 1202 at times α+1, α+2, and so on), and/or comparing the projected cyber state 1202 to one or more CSB 552 , as disclosed herein.
- the CyΔ metrics 1263 may, therefore, indicate a likelihood that the cyber state 1202 will correspond to specified CSB 552 prior to cyber state 1202 exhibiting characteristics of the specified CSB 552 .
- the CyΔ metrics 1263 may quantify a probability that future cyber state(s) 1202 of the control system 101 (and/or respective regions thereof) will correspond to healthy CSB 552 , unhealthy CSB 552 , and/or the like. Determining the CyΔ metrics 1263 may comprise determining projected proximate CSB 552 (e.g., CSB 552 projected to be proximate to future cyber states 1202 of the control system 101 and/or respective regions thereof). Determining the PhyΔ metrics 1265 may comprise estimating a trajectory of the physical state 1204 ($\vec{Phy}$), projecting the physical state 1204 , and/or comparing the projected physical state 1204 to one or more PSB 554 , as disclosed herein.
- determining the CyΔ metrics 1263 may comprise estimating a trajectory of one or more characteristics of the cyber state 1202 as a function of acquisition time α (the characteristics comprising and/or corresponding to: cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , acquired cyber state metadata 1220 , acquired cyber state parameters 1222 , acquired cyber state signatures 1228 , portion(s) thereof, and/or the like).
- Determining the trajectory of a cyber state characteristic may comprise fitting values of the characteristic at respective acquisition times (in cyber states 1202 N-A corresponding to acquisition times α-n through α, respectively) to a modeling function.
- Determining the trajectory of the cyber state characteristic may further comprise determining a projected value of the characteristic (e.g., projecting a value of the characteristic at a future acquisition time α+1, α+2, . . . α+n).
- determining the trajectory of a cyber state characteristic A may comprise fitting values of CyA at acquisition times α-n through α to a modeling function (fC CyA ).
- a projected value of CyA may be determined by use of the fit modeling function (fC CyA ).
- the cyber state evaluator 1252 is configured to determine a projected value of CyA at next acquisition time α+1.
- Determining the CyΔ metrics 1263 may comprise comparing the projected values of the one or more cyber state characteristics to corresponding features of one or more CSB 552 .
- the comparing may comprise comparing the projected value of CyA to a threshold (T_C CyA ), which may distinguish a “healthy” cyber state 1202 from an “unhealthy” cyber state 1202 (e.g., the “healthy” cyber state 1202 may correspond to cyber states 1202 in which CyA is lower than T_C CyA , and the “unhealthy” cyber state 1202 may correspond to cyber states 1202 in which CyA exceeds T_C CyA ).
- the resulting cyber state metrics 1263 produced by the cyber state evaluator 1252 may, therefore, be configured to indicate that cyber state 1202 is transitioning to an “unhealthy” cyber state 1202 (e.g., an unhealthy CSB 552 ).
- Determining the CyΔ metrics 1263 may, therefore, comprise determining projected proximate CSB 552 , as disclosed above.
- Determining the PhyΔ metrics 1265 may comprise estimating a trajectory of one or more characteristics of the physical state 1202 , projecting the physical state characteristics, and/or comparing the projected physical state characteristics to one or more PSB 554 , as disclosed herein.
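As an added illustration (not part of the patent disclosure), the following Python code fits the values of one cyber state characteristic over the sliding window to a modeling function, projects it to future acquisition times, and reports when the projection first exceeds the healthy/unhealthy threshold. The least-squares linear model, the characteristic chosen (open connection count), the constructed sample values and all names are assumptions; the disclosure leaves the modeling function open.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Projection:
    slope: float                       # fitted change per unit acquisition time
    intercept: float
    r_squared: float                   # fit quality, usable as projection confidence
    steps_to_unhealthy: Optional[int]  # 0 = already over threshold, None = not within horizon


def fit_linear(times: Sequence[float], values: Sequence[float]) -> Tuple[float, float, float]:
    """Ordinary least-squares fit of values against acquisition times."""
    n = len(times)
    if n != len(values) or n < 2:
        raise ValueError("need at least two (time, value) samples of equal length")
    mean_t = sum(times) / n
    mean_v = sum(values) / n
    sxx = sum((t - mean_t) ** 2 for t in times)
    if sxx == 0:
        raise ValueError("acquisition times must not all be identical")
    sxy = sum((t - mean_t) * (v - mean_v) for t, v in zip(times, values))
    syy = sum((v - mean_v) ** 2 for v in values)
    slope = sxy / sxx
    intercept = mean_v - slope * mean_t
    r_squared = 1.0 if syy == 0 else (sxy * sxy) / (sxx * syy)
    return slope, intercept, r_squared


def project_characteristic(times: Sequence[float], values: Sequence[float],
                           threshold: float, horizon: int,
                           step: float = 1.0) -> Projection:
    """Project the characteristic to alpha+1 .. alpha+horizon and find the first
    projected acquisition at which it exceeds the threshold.
    times must be ascending; the last sample is acquisition time alpha."""
    slope, intercept, r_squared = fit_linear(times, values)
    steps: Optional[int] = None
    if values[-1] > threshold:
        steps = 0                      # current state is already unhealthy
    else:
        for k in range(1, horizon + 1):
            projected = intercept + slope * (times[-1] + k * step)
            if projected > threshold:
                steps = k
                break
    return Projection(slope, intercept, r_squared, steps)


# Constructed sample: open connection count at acquisition times alpha-7 .. alpha.
TIMES = [0, 1, 2, 3, 4, 5, 6, 7]
OPEN_CONNECTIONS = [12, 13, 13, 15, 16, 18, 19, 21]
THRESHOLD = 30  # assumed boundary between healthy and unhealthy values

if __name__ == "__main__":
    p = project_characteristic(TIMES, OPEN_CONNECTIONS, THRESHOLD, horizon=10)
    print(f"slope={p.slope:.3f} r2={p.r_squared:.3f} "
          f"projected unhealthy in {p.steps_to_unhealthy} acquisitions")
```

Every acquired value in the sample is below the threshold, so a check against the current state alone would report a healthy state; the projection flags the drift before the threshold is reached.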
- the security engine 1210 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof), which may comprise determining cyber health metadata 182 , and physical health metadata 184 .
- the security engine 1210 may be configured to determine the cyber health metrics 282 , which may be based on, inter alia, error metrics 175 , CPSC metrics 575 , and cyber state metrics 553 , as disclosed herein.
- determining the cyber health metrics 282 may further comprise incorporating CyΔ metrics 1263 determined by the cyber state evaluator 1252 , as disclosed herein.
- the cyber health metrics 282 may, therefore, be configured to correlate cyber state information to a sliding window of cyber states 1202 A-N, which may provide for detection of cyber-attacks resulting in delayed and/or gradual changes to the cyber and/or physical state 1202 / 1204 of the control system 101 .
- Incorporating the CyΔ metrics 1263 may comprise monitoring changes to the cyber state 1202 N-A of the control system 101 (and/or respective regions thereof) with respect to evaluation of one or more CSER (e.g., whether the cyber state 1202 is trending towards increased CSER failures).
- Incorporating the CyΔ metrics 1263 may comprise quantifying a degree to which the cyber state 1202 of the control system 101 (and/or respective regions thereof) is trending away from healthy CSB 552 , towards unhealthy CSB 552 , and/or the like.
- incorporating the CyΔ metrics 1263 may comprise quantifying a degree to which respective cyber state characteristics are trending away from characteristics of healthy CSB 552 , towards characteristics of unhealthy CSB 552 , and/or the like.
- incorporating the CyΔ metrics 1263 may comprise identifying projected proximate CSB 552 , which may comprise CSB 552 to which the cyber state 1202 of the control system 101 (and/or respective regions thereof) is projected to converge.
- the security engine 1210 may be further configured to determine the physical health metrics 284 , which may be based on, inter alia, error metrics 175 , CPSC metrics 575 , and physical state metrics 555 , as disclosed herein.
- determining the physical health metrics 284 may further comprise incorporating PhyΔ metrics 1265 determined by the physical state evaluator 1254 , as disclosed herein.
- the physical health metrics 284 may, therefore, be configured to correlate physical state information to a sliding window of physical states 1204 A-N, which may provide for detection of component attacks, physical attack vectors, and/or failure modes resulting in delayed and/or gradual changes to the cyber and/or physical state 1202 / 1204 of the control system 101 .
- Incorporating the PhyΔ metrics 1265 may comprise monitoring changes to the physical state 1204 N-A of the control system 101 (and/or respective regions thereof) with respect to evaluation of one or more PSER (e.g., whether the physical state 1204 is trending towards increased PSER failures). Incorporating the PhyΔ metrics 1265 may comprise quantifying a degree to which the physical state 1204 of the control system 101 (and/or respective regions thereof) is trending away from healthy PSB 554 , towards unhealthy PSB 554 , and/or the like. Alternatively, or in addition, incorporating the PhyΔ metrics 1265 may comprise quantifying a degree to which respective physical state characteristics are trending away from characteristics of healthy PSB 554 , towards characteristics of unhealthy PSB 554 , and/or the like. In some embodiments, incorporating the PhyΔ metrics 1265 may comprise identifying projected proximate PSB 554 , which may comprise PSB 554 to which the physical state 1204 of the control system 101 (and/or respective regions thereof) is projected to converge.
- the security engine 1210 may be configured to implement mitigation operations in accordance with the determined cyber-physical state metadata 180 , as disclosed herein.
- the security engine 1210 may be further configured to implement mitigation operations in accordance with the cyber and/or physical state metrics 553 / 555 and/or the corresponding cyber and/or physical health metrics 282 / 284 .
- the security engine 1210 may be further configured to implement mitigation operations in response to CyΔ and/or PhyΔ metrics 1263 / 1265 indicating that the cyber and/or physical health of the control system 101 is degrading (e.g., trending towards unhealthy CSB and/or PSB 552 / 554 ).
- the security engine 1210 may be configured to determine that a cyber state 1202 of the control system 101 (and/or region thereof) is trending toward an unhealthy CSB 552 in response to one or more of: CSB error metrics between projected cyber states 1202 and healthy CSB 552 failing to satisfy one or more healthy state error thresholds, CSB error metrics between the projected cyber states 1202 , projected proximate CSB 552 failing to include a healthy CSB 552 , CSB error metrics between the projected cyber states 1202 and unhealthy CSB 552 failing to satisfy one or more unhealthy state error thresholds, projected proximate CSB 552 including an unhealthy CSB 552 , and/or the like.
- the security engine 1210 may be further configured to determine that a physical state 1202 of the control system 101 is degrading and/or trending towards an unhealthy PSB 554 , as disclosed above (e.g., based on, inter alia, PSB error metrics between projected physical states 1204 and healthy and/or unhealthy PSB 552 , projected proximate PSB 554 , and/or the like).
- the security engine 1210 may be configured to implement mitigation operations in accordance with identified proximate CSB and/or PSB 552 / 554 , as disclosed above.
- the security engine 1210 may be further configured to implement mitigation operations in accordance with projected proximate CSB and/or PSB 552 / 554 .
- the CyΔ metrics 1263 may indicate that the cyber state 1202 of the control system 101 (and/or a region thereof) is projected to converge to an unhealthy CSB 552 at a future acquisition time (e.g., at an acquisition time α+p, where p is the projection time).
- the security engine 1210 may implement mitigation operations in accordance with the projected unhealthy CSB 552 , as disclosed above (may implement mitigation operations corresponding to the mitigation operations implemented in response to determining that the cyber state 1202 corresponds to the unhealthy CSB 552 ).
- the security engine 1210 may adapt the mitigation operations in accordance with confidence in the projection and/or a proximity of the projection.
- the security engine 1210 may be configured to increase the priority of the mitigation operations (and/or warning level(s) of corresponding notifications) in proportion to the corresponding CPSC metrics 575 and/or in inverse proportion to the proximity.
- the security engine 1210 may be further configured to implement mitigation operations in accordance with projected unhealthy PSB 554 , as disclosed above.
- FIG. 13A is a schematic block diagram of another embodiment of an RS agent 110 , as disclosed herein.
- the RS agent 110 may comprise a security engine 1210 , key generator 1212 , communication manager 1216 , error monitor 1218 , and/or acquisition engine 1206 , as disclosed herein.
- the RS agent 110 may further comprise a state engine 1290 , which may be configured to maintain cyber-physical state metadata 111 configured to characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof), as disclosed herein.
- the state engine 1290 may be further configured to determine estimated cyber-physical state metadata 1311 for the control system 101 (and/or respective regions thereof), which may comprise determining an estimated cyber-physical state 1301 of the control system 101 based on, inter alia, existing cyber-physical state metadata 111 maintained by the RS agent 110 (and/or an existing cyber-physical state 1201 ).
- the state engine 1290 may be further configured to determine state estimation metrics 1375 , which may be configured to quantify errors, differences, and/or distances between acquired cyber-physical state metadata 1211 and corresponding estimated cyber-physical state metadata 1311 .
- the acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 , which may be configured to characterize the cyber-physical state 1201 of the control system 101 (and/or selected regions thereof) at specified acquisition times α.
- the state engine 1290 may be configured to incorporate the acquired cyber-physical state metadata 1211 , which may comprise incorporation into existing cyber-physical state metadata 111 configured to characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof) previous to the specified acquisition time α (e.g., at acquisition times α-p, where p is a time since the cyber-physical state metadata 111 was last acquired).
- Determining the cyber-physical state estimate 1301 may comprise determining a cyber state estimate 1302 (and/or estimated cyber state metadata 1320 ), determining a physical state estimate 1304 (and/or estimated physical state metadata 1340 ), and/or the like.
- Determining the estimated cyber-physical state metadata 1311 may comprise projecting the existing cyber-physical state metadata 111 from acquisition time α-p to the acquisition time α of the acquired cyber-physical state metadata 1211 .
- the estimated cyber-physical state metadata 1311 and the acquired cyber-physical state metadata 1211 may, therefore, correspond to a same (and/or substantially similar) acquisition time α.
- the state estimator 1290 may be further configured to determine state estimation metrics 1375 for the acquired cyber-physical state metadata 1211 by, inter alia, comparing the acquired cyber-physical state metadata 1211 to the estimated cyber-physical state metadata 1311 .
- the state estimation metrics 1375 may comprise cyber state estimation metrics 1376 , which may be configured to quantify error, differences, and/or distances between acquired cyber state metadata 1220 and estimated cyber state metadata 1320 .
- the state estimation metrics 1375 may further comprise physical state estimation metrics 1378 , which may be configured to quantify error, differences, and/or distances between acquired physical state metadata 1240 and estimated physical state metadata 1340 .
- the state engine 1290 may determine cyber-physical state estimates 1301 corresponding to acquired cyber-physical state metadata 1211 using any suitable state estimation and/or observation technique.
- the state engine 1290 is configured to determine cyber-physical state estimates 1301 by use of a process model 1315 of the control system 101 (and/or process models 1315 corresponding to respective CPCE 105 ).
- the process model 1315 may comprise any suitable means for modeling and/or determining cyber-physical state estimates 1301 .
- the process model 1315 may comprise and/or correspond to a linear time-varying (LTV) model of the control system 101 (and/or respective CPCE 105 thereof), as follows:
- CPS_α may comprise an estimated cyber-physical state 1301 of the control system 101 at acquisition time α (acquisition time α corresponding to acquired cyber-physical state metadata 1211 , as disclosed herein), which may be based on CPS_{α-p}, which may be configured to model the cyber-physical state 1201 of the control system 101 at an earlier acquisition time (e.g., acquisition time α-p of the existing cyber-physical state metadata 111 maintained by the RS agent 110 ); u_{α-p}, w_{α-p}, v_{α-p}, and y_{α-p} may be configured to model control inputs, process noise, measurement noise, and output state of the control system 101 at the acquisition time α-p, respectively.
- Parameters A_{α-p}–N_{α-p} may comprise weighting and/or scaling factors.
- the process and/or measurement noise (w_{α-p} and/or v_{α-p}) may correspond to error and/or CPSC metrics 175 / 575 (and/or corresponding cyber-physical health metadata 180 ), as disclosed herein.
- Determining the cyber-physical state estimate 1301 may comprise: identifying cyber-physical state metadata 111 pertaining to the selected CPCE 105 , determining an acquisition time of the identified cyber-physical state metadata 111 relative to the specified acquisition time α (e.g., determining the previous acquisition time α-p of the existing cyber-physical state metadata 111 ), and determining estimated cyber-physical state metadata 1311 based on the identified cyber-physical state metadata 111 , the determined acquisition time α-p, and process model(s) 1315 of the selected CPCE 105 .
- Determining the estimated cyber-physical state metadata 1311 may comprise projecting the existing cyber-physical state metadata 111 from the previous acquisition time α-p to the specified acquisition time α.
- Determining the estimated cyber-physical state metadata 1311 may comprise using the process model(s) 1315 to determine estimated cyber state metadata 1320 from existing cyber state metadata 220 , determine estimated physical state metadata 1340 from existing physical state metadata 240 , and/or the like.
- the state estimate metrics 1375 may comprise cyber estimate metrics 1376 and physical estimate metrics 1378 .
- the cyber state error metrics 1376 may quantify differences between acquired cyber state metadata 1220 (e.g., acquired cyber state parameters and/or signatures 1222 / 1228 ) and corresponding estimated cyber state metadata 1320 .
- the physical state error metrics 1378 may quantify differences between acquired physical state metadata 1240 (e.g., acquired physical state parameters and/or signatures 1242 / 1248 ) and corresponding estimated physical state metadata 1340 .
- the state engine 1290 may be further configured to incorporate the determined state estimate metrics 1375 into the cyber-physical health metadata 180 .
- the state engine 1290 may be configured to incorporate state error parameters 181 into the cyber and/or physical health metadata 182 and/or 184 , which may quantify a degree to which respective acquired cyber-physical metadata 1211 diverges from corresponding estimated cyber-physical state metadata 1311 .
- the state engine 1290 may be configured to incorporate cyber estimation metrics 1376 into corresponding cyber health metadata 182 and incorporate physical estimation metrics 1378 into corresponding physical health metadata 184 .
- the security engine 1210 may be configured to determine composite cyber-physical health metrics pertaining to respective regions of the control system 101 based on the incorporated state estimation metrics 1375 .
- the security engine 1210 may be configured to determine the cyber health metrics 282 , which may be based on, inter alia, error metrics 175 , CPSC metrics 575 , and/or cyber estimation metrics 1376 , as disclosed herein.
- the security engine 1210 may be configured to determine the physical health metrics 284 , which may be based on, inter alia, error metrics 175 , CPSC metrics 575 , and/or physical estimation metrics 1378 , as disclosed herein.
- the security engine 1210 may be configured to implement mitigation operations in accordance with the determined cyber and/or physical health metrics 282 / 284 .
- the security engine 1210 may be configured to implement mitigation operations in response to error metrics 175 that exceed one or more error thresholds, CPSC metrics 575 that fail to satisfy one or more confidence thresholds, and so on, as disclosed herein.
- the security engine 1210 may be configured to detect high cyber and/or physical estimation metrics 1376 / 1378 (by use of one or more cyber and/or physical estimation thresholds, or the like).
- the security engine 1210 may be configured to implement mitigation operations in response to high cyber estimation metrics 1376 , which may indicate differences between acquired cyber-state metadata 1211 and corresponding estimated cyber-physical state metadata 1376 , which may be due to cyber-attack, and/or compromise of one or more cyber components 120 , the CS network 122 , cyber nodes 124 , and/or the like.
- the security engine 1210 may be configured to adapt communication of subsequent state keys 160 to, inter alia, determine a source of the high cyber estimation metrics 1376 , as disclosed herein (e.g., adapt communication of the subsequent state keys 160 in accordance with a cyber isolation scheme).
- the security engine 1210 may be further configured to implement mitigation operations in response to cyber estimation metrics 1376 , which may include, but are not limited to: generating notifications pertaining to cyber estimation metrics 1376 (e.g., the notifications identifying potential causes of the high cyber estimation metrics 1376 ), deactivating, isolating, and/or resetting cyber-physical components 102 associated with the high cyber estimation metrics 1376 (e.g., cyber components 120 , cyber nodes 124 , cyber paths 126 , and/or the like), and so on.
- the security engine 1210 may be further configured to implement mitigation operations in response to detecting high physical estimation metrics 1378 .
- the security engine 1210 may be configured to adapt communication of subsequent state keys 160 to, inter alia, determine a source of the high physical estimation metrics 1378 , as disclosed herein (e.g., adapt communication of the subsequent state keys 160 in accordance with a physical isolation scheme).
- the security engine 1210 may be further configured to implement mitigation operations in response to the high physical estimation metrics 1378 , which may include, but are not limited to: generating notifications pertaining to the high physical estimation metrics 1378 (e.g., the notifications identifying potential causes of the high physical estimation metrics 1378 ), slowing control function(s) of the CPCE 105 , halting control function(s) of the CPCE 105 , modifying the control function(s) of the CPCE 105 (e.g., implementing a “safe mode” of the CPCE 105 ), isolating the CPCE 105 from other CPCE 105 of the control system 101 , physical components 140 of the CPCE 105 from other cyber-physical components 102 of the control system 101 , and/or the like.
- FIG. 13B is a schematic block diagram of another embodiment of cyber-physical system 100 comprising an RS agent 110 , as disclosed herein.
- the RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101 , and determine error metrics 175 for the state keys 160 , as disclosed herein.
- the RS agent 110 may be further configured to acquire the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof), which may comprise acquiring cyber-physical state metadata 1211 in conjunction with communication of respective state keys 160 (and/or fragments 161 thereof), determining CPSC metrics 575 quantifying a confidence in the accuracy of the acquired cyber-physical state metadata 1211 , and/or incorporating the acquired cyber-physical state metadata 1211 in accordance with the determined CPSC metrics 575 .
- the RS agent 110 may be further configured to maintain cyber-physical state metadata 111 corresponding to a range of acquisition times α, including cyber-physical state metadata 111 configured to characterize a plurality of cyber-physical states 1201 A-N of the control system 101 (and/or respective regions thereof), each cyber-physical state 1201 A-N corresponding to a respective acquisition time α through α-n.
- the state engine 1290 may be configured to determine estimated cyber-physical state metadata 1311 corresponding to acquired cyber-physical state metadata 1211 , and determine corresponding state estimation metrics 1375 , as disclosed herein.
- the state engine 1290 may be further configured to determine cyber state projections, physical state projections, cyber characteristic projections, physical characteristic projections and/or the like, as disclosed herein.
- the RS agent 110 may comprise a cyber state evaluator 1252 , which may be configured to determine cyber state metrics 553 and/or CyΔ metrics 1263 for the control system 101 (and/or respective regions thereof) in accordance with the acquired cyber state(s) 1202 A-N and one or more CSB 552 , as disclosed herein (e.g., by use of cyber state projections and/or cyber characteristic projections determined by the state engine 1290 ).
- the RS agent 110 may further comprise a physical state evaluator 1254 , which may be configured to determine physical state metrics 555 and/or PhyΔ metrics 1265 for the control system 101 (and/or respective regions thereof) in accordance with the acquired physical state(s) 1204 A-N and one or more PSB 554 , as disclosed herein (e.g., by use of physical state projections and/or physical characteristic projections determined by the state engine 1290 ).
- the security engine 1210 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof), which may comprise determining cyber health metadata 182 , and physical health metadata 184 .
- the security engine 1210 may be configured to determine the cyber health metrics 282 , which may be based on, inter alia, error metrics 175 , CPSC metrics 575 , cyber state metrics 553 , CyΔ metrics 1263 , and/or cyber estimation metrics 1376 , as disclosed herein.
- the security engine 1210 may be configured to determine the physical health metrics 284 , which may be based on, inter alia, error metrics 175 , CPSC metrics 575 , physical state metrics 555 , PhyΔ metrics 1265 , and/or physical estimation metrics 1378 , as disclosed herein.
- the security engine 1210 may be configured to implement mitigation operations in accordance with the determined cyber and/or physical health metrics 282 / 284 .
- the security engine 1210 may be configured to implement mitigation operations in response to: error metrics 175 that exceed one or more error thresholds, CPSC metrics 575 that fail to satisfy one or more confidence thresholds, and/or the like.
- the security engine 1210 may be further configured to implement mitigation operations in response to: cyber state metrics 553 , CyΔ metrics 1263 , physical state metrics 555 , and/or PhyΔ metrics 1265 , as disclosed herein.
- the security engine 1210 may be further configured to implement mitigation operations based on cyber estimation metrics 1376 and/or physical estimation metrics 1378 , as disclosed above.
- FIG. 14A is a schematic block diagram of another embodiment of an RS agent 110 , as disclosed herein.
- the RS agent 110 may comprise a security engine 1210 , key generator 1212 , communication manager 1216 , error monitor 1218 , acquisition engine 1206 , and state engine 1290 , as disclosed herein.
- the RS agent 110 may comprise and/or be communicatively coupled to a data store 1401 , which may comprise cyber-physical state metadata 111 , a security policy 211 , and/or a coverage schema 511 , as disclosed herein.
- the data store 1401 may be embodied by storage resources 204 of the RS agent 110 .
- the data store 1401 may comprise storage resources of one or more other cyber-physical components 102 of the control system 101 .
- the RS agent 110 may be configured to communicate state keys 160 , acquire cyber-physical state metadata 1211 , determine error metrics 175 corresponding to respective state keys 160 , determine CPSC metrics 575 corresponding to the acquired cyber-physical state metadata 1211 , incorporate the acquired cyber-physical state metadata 1211 , and/or determine cyber-physical health metadata 180 in accordance with the determined error metrics 175 , CPSC metrics 575 , and/or the like, as disclosed herein.
- the security engine 1210 may be further configured to determine cyber-physical state error metrics 1471 for the control system 101 (and/or respective regions thereof), the cyber-physical state error metrics 1471 quantifying error, differences, and/or distances between the acquired cyber-physical state 1201 and one or more cyber-physical state profiles.
- a “cyber-physical state profile” refers to a collection of cyber state classification features and corresponding classification values configured to characterize designated cyber-physical classifications of the control system 101 and/or distinguish the designated cyber-physical state classifications from other cyber-physical state classifications.
- a cyber state profile 1412 may comprise cyber classification features and/or classification values configured to characterize a designated cyber state classification 1413 .
- a physical state profile 1414 may comprise physical classification features and/or classification values configured to characterize a designated physical state classification 1415 .
- a cyber state classification 1413 refers to a particular classification of cyber state(s) 1202 of the control system 101 (and/or range of cyber states 1202 ) that are indicative of particular cyber state types, cyber behaviors, cyber operation and/or the like.
- a physical state classification 1415 refers to a particular classification of physical state(s) 1204 of the control system 101 (and/or range of physical states 1204 ) that are indicative of particular physical state types, physical behaviors, physical operation, and/or the like.
- the data store 1401 may further comprise a classification schema 1416 , which may define cyber classification features 1422 of the cyber state profiles 1412 (e.g., cyber classification features 1422 by which cyber state classifications 1413 of the cyber state profiles 1412 are characterized and/or distinguished).
- the cyber classification features 1422 may comprise a subset of cyber-physical state information capable of being acquired from the control system 101 (e.g., may correspond to a subset of the cyber-physical state data 1207 , CPS datasets 1209 , RCPS data 1217 , acquired cyber-physical state metadata 1211 , acquired cyber state metadata 1220 , acquired cyber state parameters 1222 , acquired cyber state signatures 1228 , cyber-physical state metadata 111 , cyber state metadata 220 , cyber state parameters 222 , and/or cyber state signatures 228 , as disclosed herein).
- the cyber classification features 1422 may comprise and/or correspond to cyber state characteristics determined to characterize and/or distinguish the cyber state classifications 1413 of the cyber state profiles 1412 , and may exclude cyber state characteristics determined to be non-distinguishing.
- the cyber classification features 1422 may be determined and/or learned by, inter alia, a cyber state classifier 1424 .
- the cyber state classifier 1424 may learn the cyber classification features 1422 by use of cyber classification training data 1402 .
- the cyber classification training data 1402 may comprise a plurality of training datasets 1421 A-N, each comprising cyber state data 1432 corresponding to a designated cyber state classification 1413 , which may indicate that the cyber state data 1432 corresponds to: a particular cyber state classification 1413 (e.g., is a true positive of the particular cyber state classification 1413 ), does not correspond to the particular cyber state classification 1413 (e.g., is a true negative), corresponds to a different cyber state classification 1413 , does not correspond to any cyber state classification 1413 , and/or the like.
- the cyber state classifier 1424 may use the training datasets 1421 to, inter alia, learn and/or extract cyber classification features 1422 that result in accurate classification of the cyber classification training data 1402 .
- the cyber state classifier 1424 may use the training datasets 1421 to, inter alia, learn and/or extract cyber classification features 1422 capable of characterizing and/or distinguishing cyber classification training data 1402 corresponding to the designated cyber state classification 1413 from cyber classification training data 1402 corresponding to other cyber state classifications 1413 .
- the cyber state classifier 1424 may comprise any suitable classification means including, but not limited to: a self-organizing map (SOM), an artificial neural network (ANN), an auto encoder, a Monte Carlo classifier, and/or the like.
- the training datasets 1421 A-N may comprise cyber state data 1432 captured during operation of the control system 101 (and/or during simulated operation) and, as such, may have a large dimensionality (e.g., may comprise the full dimensionality of cyber state information, metadata 220 , parameters 222 , and/or signatures 228 capable of being acquired from the cyber-physical system 100 ).
- the cyber state classifier 1424 may be configured to reduce the dimensionality of the cyber classification training data 1402 , which may comprise determining cyber classification features 1422 corresponding to a subset of the cyber state information capable of being acquired from the control system 101 .
- the cyber state classifier 1424 may be further configured to determine cyber classification values 1428 , which may comprise values, weights, and/or other classification information corresponding to the cyber state classification features 1422 .
- the cyber classification values 1428 may comprise and/or correspond to characteristics of the acquired cyber state 1202 of the control system 101 (cyber state characteristics), such as cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , portion(s) thereof, and/or the like.
- the physical classification features 1442 may be determined and/or learned by, inter alia, a physical state classifier 1444 .
- the physical state classifier 1444 may learn physical classification features 1444 by use of physical classification training data 1404 , as disclosed herein.
- the physical classification training data 1404 may comprise a plurality of training datasets 1441 A-N, each comprising physical state data 1434 having a designated physical state classification 1415 , as disclosed herein.
- the physical state classifier 1444 may use the training datasets 1441 to, inter alia, learn and/or extract physical classification features 1442 that result in accurate classification of the physical classification training data 1404 .
- the physical state classifier 1444 may comprise any suitable classification means, as disclosed herein.
- the physical state classifier 1444 may be configured to reduce the dimensionality of the physical training data 1404 , which may comprise determining physical classification features 1442 comprising a subset of the physical state information capable of being acquired from the control system 101 .
- the physical state classifier 1444 may be further configured to determine physical classification values 1448 corresponding to the physical state classification parameters 1442 .
- the physical classification values 1448 may comprise values, weights, and/or other classification information corresponding to the physical state classification features 1442 .
- the physical classification values 1448 may comprise and/or correspond to characteristics of the acquired physical state 1204 of the control system 101 (physical state characteristics), such as physical state metadata 240 , physical state parameters 242 , physical state signatures 248 , portion(s) thereof, and/or the like.
- the RS agent 110 may comprise a plurality of cyber state profiles 1412 A-N and/or physical state profiles 1414 A-N.
- the RS agent 110 may comprise cyber state profiles 1412 A configured to characterize “healthy” cyber states of the control system 101 (and/or respective regions thereof), cyber state profiles 1412 N configured to characterize “unhealthy” cyber states, and so on.
- the healthy cyber state profiles 1412 A may comprise cyber classification features 1422 and/or corresponding classification values 1428 configured to characterize “healthy” cyber states 1202 of the control system 101 , as disclosed herein (e.g., healthy cyber states 1202 corresponding to different operating conditions).
- the “unhealthy” cyber state profiles 1412 N may comprise cyber classification features 1422 and/or corresponding classification values 1428 configured to characterize “unhealthy” cyber states 1202 of the control system 101 , as disclosed herein (e.g., cyber states 1202 corresponding to particular types of cyber-attacks, compromise of particular cyber components 120 , and/or the like).
- the healthy and unhealthy cyber state profiles 1412 A-N may be learned by use of corresponding cyber classification training data 1402 , as disclosed herein (e.g., training datasets 1421 corresponding to various healthy and/or unhealthy cyber states 1202 and/or behavior).
- the RS agent 110 may further comprise physical state profiles 1412 A configured to characterize “healthy” physical states 1204 of the control system 101 (and/or respective regions thereof).
- the “healthy” physical state profiles 1412 A may comprise physical classification features 1442 and/or corresponding classification values 1448 configured to characterize “healthy” physical states 1204 of the control system 101 , as disclosed herein (e.g., healthy physical states 1204 corresponding to different operating conditions).
- the “unhealthy” physical state profiles 1414 N may comprise physical classification features 1442 and/or corresponding classification values 1448 configured to characterize “unhealthy” physical states 1204 of the control system 101 , as disclosed herein (e.g., physical states 1204 corresponding to particular types of component and/or physical attacks, physical attack vectors, compromise of particular computational and/or physical components 130 / 140 , physical failure modes, and/or the like).
- the healthy physical state profiles 1412 A may, for example, characterize behavior of protective relay components under different load conditions (e.g., when generators and/or loads are brought online and/or taken offline), while responding to disturbances (e.g., when temporarily out-of-phase), during fault conditions, and/or the like.
- the healthy physical state profiles 1412 A may comprise physical state information indicating healthy or “nominal” responses to such conditions (e.g., balance generation/load within a specified time, stabilize out-of-phase conditions, open breakers in response to fault conditions, and so on).
- the unhealthy physical state profiles 1414 N may correspond to physical states 1204 and/or behavior during attacks directed to particular computational and/or physical components 130 / 140 (and/or physical environment), physical failure modes, and/or the like.
- the healthy and unhealthy physical state profiles 1414 A-N may be learned by use of corresponding physical classification training data 1404 , as disclosed herein (e.g., training datasets 1441 corresponding to various healthy and/or unhealthy physical states 1204 and/or behavior).
- the RS agent 110 may be configured to acquire and/or maintain cyber-physical state metadata 111 by use of, inter alia, the acquisition engine 1206 .
- the acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 pertaining to the cyber and/or physical state of selected regions of the control system 101 , which may be incorporated into the cyber-physical state metadata 111 maintained by the RS agent 110 (along with corresponding CPSC metrics 575 ).
- the acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 in accordance with the classification schema 1416 , which may correspond to a subset of the cyber-physical state information capable of being acquired thereby (e.g., reduced dimensionality representation of the cyber and/or physical state of the control system 101 , as disclosed herein).
- the acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 that include information pertaining to the cyber classification features 1422 and/or physical classification features 1442 of the classification schema 1416 , and exclude other cyber and/or physical state information.
- the acquisition engine 1206 may, therefore, acquire a more limited range of cyber-physical state information from the control system 101 , which may reduce overhead imposed thereon.
- the acquisition engine 1206 may be further configured to acquire cyber-physical state metadata 1211 , including acquired cyber state metadata 1220 (e.g., acquired cyber state parameters 1222 and/or cyber state signatures 1228 ) and/or acquired physical state metadata 1240 (e.g., acquired physical state parameters 1222 and/or physical state signatures 1248 ) in accordance with the classification schema 1416 .
- the security engine 1210 may be configured to determine CPSC metrics 575 corresponding to the acquired cyber-physical state metadata 1211 .
- the state engine 1290 may be configured to incorporate the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111 in accordance with the determined CPSC metrics 575 , as disclosed herein.
- the security engine 1210 may be further configured to determine cyber-physical state error metrics 1471 , which may quantify a degree to which the cyber-physical state 1201 of control system 101 (and/or regions thereof) as acquired by the RS agent 110 differs from respective cyber and/or physical state profiles 1412 / 1414 .
- the security engine 1210 may be configured to determine one or more cyber state error metrics 1472 , which may quantify error between the acquired cyber state 1202 of the control system 101 (e.g., cyber state metadata 220 ) and respective cyber state profiles 1412 .
- Determining cyber state error metrics 1472 for a cyber state profile 1412 may comprise comparing cyber classification values 1428 of the cyber state profile 1412 to corresponding characteristics of the cyber state 1202 (e.g., cyber state metadata 220 , one or more cyber state parameters 222 , one or more cyber state signatures 228 , acquired cyber state metadata 1220 , one or more acquired cyber state parameters 1222 , one or more acquired cyber state signatures 1228 , portion(s) thereof, and/or the like).
- the cyber classification values 1428 of a cyber state profile 1412 may comprise a signature of specified cyber state information (as specified by the cyber classification features 1422 ).
- Determining cyber state error metrics 1472 for the cyber state profile 1412 may comprise comparing the signature to signature(s) derived from the cyber state 1202 (e.g., signature(s) derived from cyber state metadata 220 maintained by the RS agent 110 ).
- the security engine 1210 may be configured to determine a plurality of cyber state error metrics 1472 A-N, each of which may be configured to quantify errors, differences, and/or distances between the cyber state 1202 of the control system 101 (and/or respective regions thereof) and respective cyber profiles 1412 A-N.
- the security engine 1210 may be configured to determine cyber state error metrics 1472 A, which may quantify error, differences, and/or distances between the cyber state 1202 and healthy cyber state profiles 1412 A.
- the security engine 1210 may be further configured to determine cyber state error metrics 1472 corresponding to other cyber state profiles 1412 , including cyber state error metrics 1472 N, which may be configured to quantify error, differences, and/or distances between the cyber state 1202 and unhealthy cyber state profiles 1412 N (e.g., unhealthy cyber state profiles 1412 N corresponding to particular types of cyber-attacks, compromise of particular cyber components 120 , and/or the like).
- the security engine 1210 may be configured to determine cyber state error metrics 1472 A-N pertaining to respective regions of the control system 101 (e.g., respective CPCE 105 ), which may comprise comparing cyber state metadata 220 covering the respective regions to corresponding cyber classification values 1428 of respective cyber state profiles 1412 , as disclosed herein (e.g., healthy cyber state profiles 1412 A, unhealthy cyber state profiles 1412 N, and so on).
- the cyber error metrics 1472 A-N may further comprise confidence metrics, which may comprise and/or correspond to confidence metrics of the corresponding cyber profiles 1412 A-N and/or CPSC metrics 575 associated with the cyber states 1202 A-N from which the cyber error metrics 1472 A-N were derived (e.g., CPSC metrics 575 of cyber state metadata 220 and/or acquired physical state metadata 1220 of the respective cyber states 1202 A-N).
- the security engine 1210 may be configured to determine physical state error metrics 1474 , which may quantify error, differences, and/or distances between the acquired physical state 1204 of the control system 101 and respective physical state profiles 1414 .
- Determining physical state error metrics 1474 for a physical state profile 1412 may comprise comparing physical classification values 1448 of the physical state profile 1412 to corresponding characteristics of the physical state 1204 (e.g., physical state metadata 240 , one or more physical state parameters 242 , one or more physical state signatures 248 , acquired physical state metadata 1240 , one or more acquired physical state parameters 1242 , one or more acquired physical state signatures 1248 , portion(s) thereof, and/or the like).
- the security engine 1210 may be configured to determine a plurality of physical state error metrics 1474 A-N, each of which may be configured to quantify errors, differences, and/or distances between the physical state 1204 of the control system 101 (and/or respective regions thereof) and respective physical profiles 1414 A-N.
- the security engine 1210 may be configured to determine physical state error metrics 1474 A, which may quantify error, differences, and/or distances between the physical state 1204 and healthy physical state profiles 1414 A.
- the security engine 1210 may be further configured to determine physical state error metrics 1474 corresponding to other physical state profiles 1414 , including physical state error metrics 1474 N, which may be configured to quantify error, differences, and/or distances between the physical state 1204 and unhealthy physical state profiles 1414 N (e.g., unhealthy physical state profiles 1414 N corresponding to particular types of component attacks, physical attack vectors, compromise of particular physical components 130 , failure modes, and/or the like).
- the security engine 1210 may be configured to determine physical state error metrics 1474 A-N pertaining to respective regions of the control system 101 (e.g., respective CPCE 105 ), which may comprise comparing physical state metadata 240 covering the respective regions to corresponding physical classification values 1428 of respective physical state profiles 1414 , as disclosed herein (e.g., healthy physical state profiles 1414 A, unhealthy physical state profiles 1414 N, and so on).
- the physical error metrics 1474 A-N may further comprise confidence metrics, which may comprise and/or correspond to confidence metrics of the corresponding physical profiles 1414 A-N and/or CPSC metrics 575 associated with the physical states 1204 A-N from which the physical error metrics 1474 A-N were derived (e.g., CPSC metrics 575 of physical state metadata 240 and/or acquired physical state metadata 1240 of the respective physical states 1204 A-N).
- the security engine 1210 may be further configured to determine the cyber-physical health metadata 180 for the control system 101 .
- the security engine 1210 may determine cyber health metrics 182 of the control system 101 (and/or respective regions thereof) by use of cyber health metrics 282 .
- the cyber health metrics 282 may incorporate one or more cyber state error metrics 1472 .
- the cyber health metrics 282 determined by the security engine 1210 may be inversely proportional to cyber state error metrics 1472 A for healthy cyber state profiles 1412 A.
- the cyber health metrics 282 may incorporate cyber error metrics 1472 pertaining to other, unhealthy cyber state profiles 1412 N.
- the cyber health metrics 282 may be proportional to cyber state error metrics 1472 N for unhealthy cyber state profiles 1412 N.
- the security engine 1210 may be further configured to quantify a physical health of the control system 101 (and/or respective regions thereof) by use of physical health metrics 284 .
- the physical health metrics 284 may incorporate one or more physical state error metrics 1474 A-N.
- the physical health metrics 284 determined by the security engine 1210 may be inversely proportional to error between the acquired physical state 1204 of the control system 101 and physical state error metrics 1474 A for healthy physical state profiles 1414 A.
- the physical health metric 284 may incorporate physical state error metrics 1474 pertaining to other physical state profiles 1414 .
- the security engine 1210 may incorporate physical state error metrics 1474 N for “unhealthy” physical state classifications 1415 .
- the physical health metrics 284 may be proportional to the physical state error metrics 1474 N of unhealthy physical state profiles 1414 N (e.g., unhealthy physical state profiles 1414 N corresponding to particular types of physical attacks, physical attack vectors, and/or failure modes).
- the security engine 1210 may be configured to determine cyber and/or physical health metrics 282 / 284 corresponding to selected regions of the control system 101 (e.g., selected CPCE 105 , CPCE paths 108 , CPCE sections 109 , cyber sections 129 , physical control sections 149 , and/or the like).
- the security engine 1210 may determine cyber and/or physical health metrics 282 / 284 at any suitable level of granularity, in accordance with the granularity of the cyber-physical state metadata 111 and/or corresponding classification schema 1416 .
- the security engine 1210 may be further configured to associate cyber and/or physical health metrics 282 / 284 determined for respective cyber regions with, inter alia, error metrics 175 and/or CPSC metrics 575 associated with the respective cyber regions.
- the security engine 1210 may be further configured to implement one or more mitigation operations based on, inter alia, the determined cyber health metrics 282 , as disclosed herein.
- the mitigation operations may comprise identifying “unhealthy” cyber components 120 and/or cyber nodes 124 , as disclosed herein (e.g., identifying cyber nodes 124 having cyber communication characteristics that diverge from “healthy” cyber communication characteristics).
- the mitigation operations may comprise determining the cause and/or source of anomalous error metrics 175 (and/or cyber state errors 1472 A-N), as disclosed herein.
- the mitigation operations may include, but are not limited to: providing access to the cyber health metrics 282 (and/or cyber state metadata 220 , cyber state profiles 1412 , cyber state error metrics 1472 , error metrics 175 , and/or CPSC metrics 575 from which the cyber health metrics 282 were derived), generating notifications pertaining to cyber health metrics 282 that fail to satisfy one or more cyber health thresholds, anomalous cyber health metrics 282 , implementing mitigation operations in accordance with the determined cyber health metrics 282 (e.g., deactivating one or more cyber components 120 , cyber nodes 124 , and/or the like), and so on.
- the mitigation operations may pertain to particular cyber regions of the control system 101 and/or may be implemented in accordance with a security policy 211 , as disclosed herein.
- the physical health metrics 284 determined by the security engine 1210 may indicate a physical health of the control system 101 (and/or respective physical control regions thereof).
- the security engine 1210 may be further configured to implement one or more mitigation operations based on, inter alia, the determined physical health metrics 284 , as disclosed herein.
- the mitigation operations may comprise identifying “unhealthy” computational and/or physical components 130 / 140 , as disclosed herein (e.g., identifying computational and/or physical components 130 / 140 having a physical state that diverges from healthy physical state profiles 1412 A).
- the mitigation operations may comprise determining the cause and/or source of anomalous error metrics 175 (and/or physical state errors 1474 A-N), as disclosed herein.
- the mitigation operations may include, but are not limited to: providing access to the physical health metrics 284 (and/or physical state metadata 240 , physical state profiles 1414 , physical state error metrics 1474 A-N, error metrics 175 , and/or CPSC metrics 575 from which the physical health metrics 284 were derived), generating notifications pertaining to physical health metrics 284 that fail to satisfy one or more physical health thresholds, implementing mitigation operations in accordance with the determined physical health metrics 284 (e.g., deactivating one or more physical components 140 , halting control function(s) of one or more CPCE 105 , modifying the control function(s) of one or more CPCE 105 , isolating the CPCE 105 from other CPCE 105 of the control system 101 , isolating cyber-physical components 102 of the CPCE 105 from other cyber-physical components 102 of the control system 101 , and/or the like), and so on.
- FIG. 14B is a schematic block diagram of another embodiment of an RS agent 110 configured to evaluate cyber and/or physical health of a control system 101 .
- the RS agent 110 may comprise a security engine 1210 , key generator 1212 , communication manager 1216 , error monitor 1218 , acquisition engine 1206 , state engine 1290 , and state store 1401 comprising cyber-physical state profiles, as disclosed herein.
- the security engine 1210 may be configured to monitor a cyber-physical health of the control system 101 (e.g., determine cyber-physical health metadata 180 ) and/or implement mitigation operations in response to the monitoring.
- the security engine 1210 may configure the RS agent 110 to generate state keys 160 , communicate the state keys 160 through the control system 101 , acquire cyber-physical state metadata 1211 in conjunction with the communication of respective state keys 160 , determine error metrics 175 for respective state keys 160 , determine CPSC metrics 575 corresponding to cyber-physical state metadata 1211 acquired in conjunction with communication of the respective state keys 160 , incorporate the acquired cyber-physical state metadata 1211 , and/or determine cyber-physical health metadata 180 in accordance with the determined error metrics 175 , CPSC metrics 575 , and/or the like, as disclosed herein.
- the state engine 1290 may be configured to maintain cyber-physical state metadata 111 configured to characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof) during a designated time range.
- the state engine 1290 may be configured to maintain cyber-physical state metadata 111 corresponding to cyber-physical states 1201 A-N corresponding to respective acquisition times α through α-n, as disclosed herein.
- the security engine 1210 may be further configured to determine cyber state error metrics 1472 A-N and/or physical state error metrics 1474 A-N, as disclosed herein.
- the cyber state error metrics 1472 A-N may be configured to quantify error, differences, and/or distances between the current cyber state 1202 A of the control system 101 and respective cyber state profiles 1412 A-N (including healthy cyber state profiles 1412 A and/or unhealthy cyber state profiles 1412 N).
- the physical state error metrics 1474 A-N may be configured to quantify error, differences, and/or distances between the current physical state 1204 A of the control system 101 and respective physical state profiles 1414 A-N (including healthy physical state profiles 1414 A and/or unhealthy physical state profiles 1414 N).
- the security engine 1210 may be further configured to determine cyber trend error metrics 1473 A-N and/or physical trend error metrics 1475 A-N. Determining the cyber trend error metrics 1473 A-N may comprise quantifying changes to the cyber state 1202 of the control system 101 (and/or respective regions thereof) as a function of acquisition time, which may comprise monitoring changes to the cyber state 1202 relative to respective cyber state profiles 1412 A-N within a sliding window of cyber states 1202 A-N.
- the cyber trend error metrics 1473 A-N may provide for detection of cyber-attacks resulting in delayed and/or gradual changes to the cyber state 1202 of the control system 101 , as disclosed above.
- determining the cyber trend error metrics 1473 A-N may comprise comparing respective cyber states 1204 A-N to respective cyber state profiles 1412 A-N (e.g., comparing each cyber state 1204 A-N to respective healthy cyber states 1412 A and unhealthy cyber states 1412 N, as disclosed herein).
- the determining may further comprise calculating cyber state error deltas ( ⁇ CyErr), each quantifying a change to respective cyber state errors 1472 A-N between respective acquisition times ⁇ -n through a (a change in cyber state errors 1472 A-N of respective cyber states 1202 A-N).
- the cyber trend error metrics 1473 A-N may quantify a degree to which the cyber state 1202 of the control system 101 (and/or respective regions thereof) are trending away from and/or towards respective cyber state profiles 1412 A-N over time.
- the cyber trend error metrics 1473 A-N may indicate that the cyber state 1202 is trending away from a healthy cyber state profile 1412 A and/or trending towards an unhealthy cyber state profile 1412 N (or vice versa).
- the security engine 1210 may be further configured to estimate and/or project a time at which the cyber state 1202 of the control system 101 (and/or respective regions thereof) will transition between cyber state classifications 1413 (e.g., transition from a healthy cyber state profile 1412 A to an unhealthy cyber state profile 1412 N, or vice versa).
- determining the cyber trend error metrics 1473 A-N may comprise quantifying a degree to which respective characteristics of the cyber state 1202 are trending away from cyber classification values 1428 of respective cyber state profiles 1412 A-N over time. Determining the cyber trend error metrics 1473 A-N may further comprise estimating and/or projecting a time at which characteristics of the cyber state 1202 will correspond to specified cyber classification features 1422 of the respective cyber state profiles 1412 A-N (e.g., the time at which a cyber state characteristic will correspond to an unhealthy cyber state profile 1412 N).
- the cyber trend error metrics 1473 A-N may be associated with AFCP metrics 575 of cyber-state metadata 111 from which the cyber trend error metrics 1473 A-N were derived and/or confidence metrics associated with respective cyber state profiles 1412 A-N, as disclosed herein.
- the security engine 1210 may be further configured to determine physical trend error metrics 1475 A-N. Determining the physical trend error metrics 1475 A-N may comprise quantifying changes to the physical state 1204 of the control system 101 (and/or respective regions thereof) as a function of acquisition time, which may comprise monitoring changes to the physical state 1204 relative to respective physical state profiles 1414 A-N within a sliding window of physical states 1204 A-N.
- the physical trend error metrics 1475 A-N may provide for detection of physical-attacks resulting in delayed and/or gradual changes to the physical state 1204 of the control system 101 , as disclosed above.
- determining the physical trend error metrics 1475 A-N may comprise comparing respective physical states 1204 A-N to respective physical state profiles 1414 A-N (e.g., comparing each physical state 1204 A-N to respective healthy physical states 1414 A and unhealthy physical states 1414 N, as disclosed herein).
- the determining may further comprise calculating physical state error deltas ( ⁇ PhyErr), each quantifying a change to respective physical state errors 1472 A-N between respective acquisition times ⁇ -n through a (a change in physical state errors 1472 A-N of respective physical states 1204 A-N).
- the physical trend error metrics 1475 A-N may quantify a degree to which the physical state 1204 of the control system 101 (and/or respective regions thereof) are trending away from and/or towards respective physical state profiles 1414 A-N over time.
- the physical trend error metrics 1475 A-N may indicate that the physical state 1204 is trending away from a healthy physical state profile 1414 A and/or trending towards an unhealthy physical state profile 1414 N (or vice versa).
- the security engine 1210 may be further configured to estimate and/or project a time at which the physical state 1204 of the control system 101 (and/or respective regions thereof) will transition between physical state classifications 1413 (e.g., transition from a healthy physical state profile 1414 A to an unhealthy physical state profile 1414 N, or vice versa).
- determining the physical trend error metrics 1475 A-N may comprise quantifying a degree to which respective characteristics of the physical state 1204 are trending away from physical classification values 1428 of respective physical state profiles 1414 A-N over time. Determining the physical trend error metrics 1475 A-N may further comprise estimating and/or projecting a time at which characteristics of the physical state 1204 will correspond to specified physical classification features 1422 of the respective physical state profiles 1414 A-N (e.g., the time at which a physical state characteristic will correspond to an unhealthy physical state profile 1414 N).
- the physical trend error metrics 1475 A-N may be associated with AFCP metrics 575 of physical-state metadata 111 from which the physical trend error metrics 1475 A-N were derived and/or confidence metrics associated with respective physical state profiles 1414 A-N, as disclosed herein.
- the security engine 1210 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof) based on, inter alia, the error metrics 175 , CPSC metrics 575 , cyber state error metrics 1472 A-N, and/or physical state error metrics 1474 A-N, as disclosed herein. In the FIG. 14B embodiment, the security engine 1210 may be further configured to incorporate the cyber trend error metrics 1473 A-N into the cyber health metrics 282 .
- Incorporating the cyber trend error metrics 1473 A-N may comprise adapting the cyber health metrics 282 to indicate a degree to which the cyber state 1202 of the control system 101 (and/or respective regions thereof) are trending away from healthy cyber state profiles 1412 A and/or are trending toward unhealthy cyber state profiles 1412 N.
- the cyber health metrics 282 may further indicate a time at which the cyber state 1202 of the control system 101 (and/or respective regions thereof) are estimated and/or projected to transition to specified unhealthy cyber state profiles 1412 N.
- the security engine 1210 may configure the cyber health metrics 282 to indicate a degree to which respective characteristics of the cyber state 1202 of the control system 101 are trending away from cyber classification features 1422 and/or cyber classification values 1428 of healthy cyber state profiles 1412 A and/or are trending towards cyber classification features 1422 and/or cyber classification values 1428 of unhealthy cyber state profiles 1412 N.
- the security engine 1210 may further configure the cyber health metrics 282 to indicate a time at which specified characteristics of the cyber state 1202 of the control system 101 are estimated and/or projected to transition to specified classification features of identified unhealthy cyber state profiles 1412 N.
- the cyber health metrics 282 may further incorporate confidence metrics pertaining to the cyber trend error metrics 1473 A-N, which may quantify a confidence in the cyber state metadata 220 from which the cyber trend error metrics 1473 A-N were derived and/or a confidence in respective cyber state profiles 1412 A-N.
- the security engine 1210 may be further configured to incorporate the physical trend error metrics 1475 A-N into the physical health metrics 284 .
- Incorporating the physical trend error metrics 1475 A-N may comprise adapting the physical health metrics 284 to indicate a degree to which the physical state 1204 of the control system 101 (and/or respective regions thereof) are trending away from healthy physical state profiles 1414 A and/or are trending toward unhealthy physical state profiles 1414 N.
- the physical health metrics 284 may further indicate a time at which the physical state 1204 of the control system 101 (and/or respective regions thereof) are estimated and/or projected to transition to specified unhealthy physical state profiles 1414 N.
- the security engine 1210 may configure the physical health metrics 284 to indicate a degree to which respective characteristics of the physical state 1204 of the control system 101 are trending away from physical classification features 1422 and/or physical classification values 1428 of healthy physical state profiles 1414 A and/or are trending towards physical classification features 1422 and/or physical classification values 1428 of unhealthy physical state profiles 1414 N.
- the security engine 1210 may further configure the physical health metrics 284 to indicate a time at which specified characteristics of the physical state 1204 of the control system 101 are estimated and/or projected to transition to specified classification features of identified unhealthy physical state profiles 1414 N.
- the physical health metrics 284 may further incorporate confidence metrics pertaining to the physical trend error metrics 1475 A-N, which may quantify a confidence in the physical state metadata 220 from which the physical trend error metrics 1475 A-N were derived and/or a confidence in respective physical state profiles 1414 A-N.
- the security engine 1210 may be further configured to implement one or more mitigation operations based on, inter alia, the determined cyber and/or physical health metrics 282 / 284 , as disclosed herein.
- the security engine 1210 may be configured to implement mitigation operations in response to determining that the cyber state 1202 A corresponds to an identified unhealthy cyber state profile 1412 N.
- the mitigation operations may be implemented in accordance with the identified unhealthy cyber state profile 1412 N, as disclosed herein.
- the security engine 1210 may be configured to implement mitigation operations in response to determining that the physical state 1202 N corresponds to an identified unhealthy physical state profile 1414 N.
- the mitigation operations may be implemented in accordance with the identified unhealthy physical state profile 1414 N, as disclosed herein.
- the security engine 1210 may be further configured to implement mitigation operations based on the cyber trend error metrics 1473 A-N, which may comprise identifying an unhealthy cyber state profile 1412 N to which the cyber state 1202 of the control system 101 is trending.
- the mitigation operations may be adapted in accordance with the identified unhealthy cyber state profile 1412 A, as disclosed above.
- the security engine 1210 may be further configured to implement mitigation operations based on the physical trend error metrics 1475 A-N, which may comprise identifying an unhealthy physical state profile 1414 N to which the physical state 1204 of the control system 101 is trending.
- the mitigation operations may be adapted in accordance with the identified unhealthy physical state profile 1414 A, as disclosed above.
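The trend evaluation described above, as an added Python example that is not part of the patent disclosure: it scores a sliding window of acquired states against healthy and unhealthy profiles, derives the error deltas and trend, and projects when the state would reach an unhealthy profile. The Euclidean error measure, least-squares slope, match threshold, profile and feature names, and the sample window are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class Profile:
    name: str       # hypothetical profile label
    healthy: bool   # state classification of the profile
    values: dict    # classification feature -> classification value (normalised 0..1)


def state_error(state, profile):
    """Error between one acquired state and a profile (Euclidean: an assumption)."""
    return sqrt(sum((state[f] - v) ** 2 for f, v in profile.values.items()))


def ls_slope(ys, dt):
    """Least-squares slope of ys sampled every dt seconds; tolerates noisy samples."""
    n = len(ys)
    if n < 2:
        raise ValueError("a trend needs at least two acquired states")
    xs = [i * dt for i in range(n)]
    mx, my = sum(xs) / n, sum(ys) / n
    num = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return num / sum((x - mx) ** 2 for x in xs)


def trend_report(window, profiles, dt, match_threshold):
    """window: acquired states, oldest first, one every dt seconds."""
    report = {}
    for p in profiles:
        errors = [state_error(s, p) for s in window]
        deltas = [b - a for a, b in zip(errors, errors[1:])]  # error change per step
        slope = ls_slope(errors, dt)                          # error change per second
        if errors[-1] <= match_threshold:
            eta = 0.0          # state already corresponds to this profile
        elif slope < 0:
            eta = (errors[-1] - match_threshold) / -slope     # trending towards it
        else:
            eta = None         # flat or trending away: no projected transition
        report[p.name] = {"errors": errors, "deltas": deltas,
                          "slope_per_s": slope, "eta_s": eta}
    return report


def projected_unhealthy(report, profiles):
    """Unhealthy profile with the earliest projected transition, or None."""
    etas = [(report[p.name]["eta_s"], p.name) for p in profiles
            if not p.healthy and report[p.name]["eta_s"] is not None]
    return min(etas)[1] if etas else None


# Constructed sample data: three profiles and a five-sample window in which the
# state drifts slowly from the healthy baseline towards the "flooding" profile.
PROFILES = [
    Profile("healthy_baseline", True, {"latency": 0.0, "retx": 0.0}),
    Profile("unhealthy_flooding", False, {"latency": 0.8, "retx": 0.6}),
    Profile("unhealthy_link_loss", False, {"latency": 0.0, "retx": 1.0}),
]
WINDOW = [{"latency": 0.8 * i / 10, "retx": 0.6 * i / 10} for i in range(5)]

if __name__ == "__main__":
    rep = trend_report(WINDOW, PROFILES, dt=60.0, match_threshold=0.2)
    for name, r in rep.items():
        print(name, round(r["errors"][-1], 3), round(r["slope_per_s"], 5), r["eta_s"])
    print("projected transition:", projected_unhealthy(rep, PROFILES))
```

In this window no single sample is far from the healthy baseline, yet the trend and the projected transition time still identify the unhealthy profile being approached, which is the gradual-change case the trend error metrics are meant to catch.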
- FIG. 15 is a flow diagram of another embodiment of a method 1500 for securing a cyber-physical system 100 , such as the control system 101 as disclosed herein.
- Step 1510 may comprise generating state keys 160 , each state key 160 comprising CPKD 162 comprising and/or corresponding to the cyber-physical state of the control system 101 , as disclosed herein.
- Step 1520 may comprise communicating the state keys 160 through a cyber-physical system 100 , as disclosed herein.
- Step 1520 may further comprise acquiring cyber-physical state data 1207 , as disclosed herein.
- Step 1520 may comprise acquiring cyber-physical state data 1207 from regions of the control system 101 covered by the state keys 160 (e.g., regions through which the state keys 160 and/or fragments 161 thereof were communicated).
- step 1520 may comprise acquiring regional RCPS data 1217 A-N corresponding to communication of respective state key fragments 161 A-N, as disclosed herein.
- Step 1520 may comprise acquiring a plurality of CPS datasets 1209 , as disclosed herein.
- Step 1520 may further comprise deriving cyber-physical state metadata 1211 from the acquired cyber-physical state data 1207 , as disclosed herein.
- Step 1530 may comprise calculating state key errors 175 , which may quantify error between respective state keys 160 and/or cyber-physical reconstructions thereof.
- Step 1530 may comprise comparing each state key 160 to a corresponding validation key 170 (and/or comparing state key fragments 161 A-N of respective state keys 160 to corresponding validation data 171 A-N).
- Step 1530 may further comprise determining a source and/or cause of the error metrics 175 , which may comprise adapting communication of one or more subsequent state keys 160 , and/or evaluating the resulting error metrics 175 thereof, as disclosed herein.
- Step 1530 may further comprise determining CPSC metrics 575 for the acquired cyber-physical state metadata 1211 .
- the CPSC metrics 575 may be configured to quantify a confidence that the acquired cyber-physical state metadata 1211 accurately represents the cyber-physical state of the control system 101 (and/or respective regions thereof).
- the CPSC metrics 575 may, therefore, be inversely proportional to the error metrics 175 determined for the corresponding state keys 160 (and/or state key fragments 161 ).
- Step 1540 may comprise incorporating the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111 , as disclosed herein.
- Step 1540 may comprise incorporating the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111 and/or associating the incorporated cyber-physical state metadata 111 with corresponding CPSC metrics 575 .
- Step 1540 may comprise adapting communication of one or more subsequent state keys 160 to, inter alia, determine a cause and/or source of low CPSC metrics 575 and/or obtain acquired cyber-physical state metadata 1211 having higher CPSC metrics 575 .
- Step 1550 may comprise determining cyber-physical health metadata 180 for the control system based on, inter alia, the error metrics 175 and/or CPSC metrics 575 determined at steps 1530 and/or 1540 , as disclosed herein.
- step 1550 may further comprise comparing the acquired cyber-physical state of the control system 101 (e.g., the cyber-physical state metadata 111 and/or acquired cyber-physical state metadata 1211 ) to a cyber-physical state estimate (e.g., state estimate 1313 ).
- the comparing may comprise determining state estimate error metrics 1375 , which may be incorporated into the cyber-physical health metadata 180 , as disclosed herein.
- step 1550 may further comprise determining one or more cyber and/or physical state errors 1472 / 1474 , which may quantify error between the acquired cyber-physical state of the control system 101 (and/or regions thereof) and one or more cyber and/or physical state profiles 1412 / 1414 , which errors 1472 / 1474 may be incorporated into the cyber-physical health metadata 180 , as disclosed herein.
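Steps 1530 and 1540 of method 1500, as an added Python example that is not part of the patent disclosure: it scores state key fragments against returned validation data, converts the errors into per-region confidence, and narrows the source of an error using a second, differently routed key. The bit-difference error measure, the `1 / (1 + k * error)` confidence form, the single-fault assumption, the region names and the sample keys are assumptions constructed for illustration.

```python
def fragment_error(fragment, validation):
    """Fraction of fragment bits that differ in the returned validation data.
    Lost or wrong-length validation data is scored as total error (1.0)."""
    if validation is None or len(validation) != len(fragment):
        return 1.0
    diff = sum(bin(a ^ b).count("1") for a, b in zip(fragment, validation))
    return diff / (8 * len(fragment))


def cpsc(error, k=10.0):
    """Confidence that falls as the error rises (assumed form, k is a tuning constant)."""
    return 1.0 / (1.0 + k * error)


def score_key(sent):
    """sent: list of (path, fragment, validation) -> list of (path, error)."""
    return [(path, fragment_error(frag, val)) for path, frag, val in sent]


def region_confidence(observations):
    """Confidence per region, taken from the worst fragment error seen through it."""
    worst = {}
    for path, err in observations:
        for region in path:
            worst[region] = max(worst.get(region, 0.0), err)
    return {region: cpsc(err) for region, err in worst.items()}


def suspects(observations, tolerance=0.0):
    """Regions on every failing path and on no clean path (assumes a single fault)."""
    failing = [set(path) for path, err in observations if err > tolerance]
    if not failing:
        return set()
    cleared = set()
    for path, err in observations:
        if err <= tolerance:
            cleared |= set(path)
    return set.intersection(*failing) - cleared


# Constructed sample data. Each path lists the hypothetical regions a fragment
# crosses; validation data equal to the fragment means the path behaved as expected.
FRAG = bytes.fromhex("a5a5a5a5")
BAD = bytes.fromhex("a5a50000")          # 8 of 32 bits differ
KEY_1 = [
    (("plc1", "sw1", "act1"), FRAG, BAD),
    (("plc2", "sw1", "act2"), FRAG, FRAG),
    (("plc2", "sw2", "act3"), FRAG, FRAG),
]
# Subsequent key, routed so that its paths separate the remaining suspects.
KEY_2 = [
    (("plc1", "sw2", "act2"), FRAG, FRAG),
    (("plc2", "sw1", "act1"), FRAG, None),   # validation data never returned
]

if __name__ == "__main__":
    obs1 = score_key(KEY_1)
    print("after key 1:", sorted(suspects(obs1)))
    obs = obs1 + score_key(KEY_2)
    print("after key 2:", sorted(suspects(obs)))
    for region, conf in sorted(region_confidence(obs).items()):
        print(f"{region}: CPSC {conf:.3f}")
```

State metadata acquired from a region would then be stored with that region's confidence value, so later health evaluation can discount data gathered while the region was returning bad validation data.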
- FIG. 16 is a flow diagram of another embodiment of a method 1600 for securing a cyber-physical system 100 , as disclosed herein.
- Step 1610 may comprise communicating state keys 160 through selected regions of a control system 101 , as disclosed herein.
- Step 1610 may comprise communicating fragments 161 A-N of each state key 160 through selected CPC paths 108 of the control system 101 , as disclosed herein, each CPC path 108 comprising a first cyber path 126 by which the fragment 161 is sent to a selected correlator 166 , a physical control coupling 148 corresponding to a PPV 155 through which validation data 171 corresponding to the fragment 161 is transmitted to a selected receiver 168 (and/or by which the validation data 171 are otherwise determined), and a second cyber path 126 by which the validation data 171 are returned.
- Step 1620 may comprise acquiring cyber-physical state data 1207 in conjunction with communication of the state keys 160 .
- Step 1620 may comprise acquiring the cyber-physical state of the control system 101 in conjunction with communication of the state keys 160 through the control system 101 .
- Step 1620 may comprise acquiring cyber-physical state data 1207 from regions of the control system 101 covered by respective state keys 160 .
- Step 1620 may comprise acquiring the cyber-physical state data 1207 concurrently with communication of the state keys 160 .
- step 1620 may comprise acquiring RCPS data 1217 A-N from regions of the control system 101 covered by respective state key fragments 161 A-N, the RCPS data 1217 A-N acquired in conjunction with communication of the respective state key fragments 161 A-N.
- step 1620 may comprise acquiring the cyber-physical state data 1207 and/or RPCS data 1217 A-N separately from communication of the state keys 160 and/or state key fragments 161 A-N (e.g., before, after, and/or interleaved with such communication).
- Step 1620 may further comprise determining acquired cyber-physical state metadata 1211 by use of the acquired cyber-physical state data 1207 , as disclosed herein.
- Step 1620 may further comprise determining error metrics 175 corresponding to communication of the state keys 160 and/or determining CPSC metrics 575 corresponding to acquisition of the cyber-physical state metadata 1211 , as disclosed herein.
- Step 1620 may comprise determining a source and/or cause of high error metrics 175 and/or low CPSC metrics 575 , as disclosed herein (e.g., by adapting communication of subsequent overlapping state keys 160 , such that fragments 161 A-N thereof are communicated through respective isolation CPC paths 108 , and evaluating the resulting error metrics 175 thereof).
- Step 1620 may comprise assigning error and/or CPSC metrics 175 / 575 to respective regions of the control system 101 and/or acquired cyber-physical state metadata 1211 , as disclosed herein.
- Step 1630 may further comprise incorporating the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111 , which may comprise associating the error and/or CPSC metrics 175 / 575 with the incorporated cyber-physical state metadata 111 , as disclosed herein.
- the error metrics 175 may indicate errors associated with communication of state keys 160 (and/or state key fragments 161 ) through regions of the control system characterized by respective portions of the cyber and/or physical state metadata 220 / 240 .
- the CPSC metrics 575 may indicate a confidence that respective portions of the cyber and/or physical state metadata 220 / 240 accurately represent the cyber and/or physical state of regions of the control system 101 characterized thereby (e.g., based on error metrics 175 associated with communication of state keys 160 and/or state key fragments 161 through such regions during acquisition of the cyber-physical state).
- step 1620 may further comprise maintaining cyber-physical state metadata 111 configured to characterize a plurality of cyber-physical states 1201 A-N of the control system 101 , the cyber-physical states 1201 A-N corresponding to a range and/or sliding window of acquisition times (e.g., from a current acquisition time ⁇ to a previous acquisition time ⁇ -n).
- Step 1630 may comprise evaluating the cyber-physical health of the control system 101 (and/or respective regions thereof).
- Step 1630 may comprise evaluating acquired cyber-physical state 1201 of the control system 101 (and/or regions thereof).
- step 1630 may comprise determining cyber health metrics 282 and/or physical health metrics 284 , as disclosed herein.
- the cyber health metrics 282 may be based on, inter alia, error metrics 175 , CPSC metrics 575 , cyber state metrics 553 , Cy ⁇ metrics 1263 , cyber state estimation metrics 1376 , cyber state error metrics 1472 , and/or the like.
- Step 1630 may comprise evaluating one or more CSER, comparing the acquired cyber state 1202 of the control system 101 to one or more CSB 552 (e.g., healthy CSB 552 and/or unhealthy CSB 552 ), comparing the cyber state 1202 to one or more cyber state profiles 1412 (e.g., healthy cyber state profiles 1412 A and/or unhealthy cyber state profiles 1412 N), and/or the like.
- Step 1630 may comprise determining Cy ⁇ metrics 1263 by, inter alia, correlating cyber state information to a sliding window of cyber states 1202 A-N, determining trends of respective CSER, cyber state metrics 553 , and/or cyber state error metrics 1472 A-N, determining a trajectory estimate for the cyber state 1202 (Cy), determining trajectories of respective cyber state characteristics, and/or the like.
- Step 1630 may comprise comparing the acquired cyber state 1202 to a healthy cyber state profile 1412 A, as disclosed above.
- Step 1640 may comprise comparing cyber state metadata 220 , cyber state parameters 222 , cyber state signatures 228 , and/or portion(s) thereof, to corresponding cyber classification values 1428 of the healthy cyber state profile 1412 A.
- the comparing may comprise determining a cyber state error 1472 A, which may quantify error between the acquired cyber state of the control system 101 (and/or region thereof) and the healthy cyber state profile 1412 A.
- Step 1630 may further comprise associating the determined cyber state error 1472 A with CPSC metrics 575 characterizing the cyber state metadata 220 , cyber state parameters 222 , and/or cyber state signatures 228 by which the cyber state error 1472 A was determined, as disclosed herein.
- Step 1630 may further comprise determining physical health metrics 284 .
- the physical health metrics 284 may be based on, inter alia, error metrics 175 , CPSC metrics 575 , physical state metrics 555 , Phy ⁇ metrics 1265 , physical state estimation metrics 1376 , physical state error metrics 1474 , and/or the like.
- Step 1630 may comprise evaluating one or more PSER, comparing the acquired physical state 1204 of the control system 101 to one or more PSB 554 (e.g., healthy PSB 554 and/or unhealthy PSB 554 ), comparing the physical state 1204 to one or more physical state profiles 1414 (e.g., healthy physical state profiles 1414 A and/or unhealthy physical state profiles 1414 N), and/or the like.
- Step 1630 may comprise determining Phy ⁇ metrics 1265 by, inter alia, correlating physical state information to a sliding window of physical states 1204 A-N, determining trends of respective PSER, physical state metrics 555 , and/or physical state error metrics 1474 A-N, determining a trajectory estimate for the physical state 1204 (Phy), determining trajectories of respective physical state characteristics, and/or the like.
- Step 1630 may comprise comparing the acquired physical state 1204 to a healthy physical state profile 1414 A, as disclosed above.
- Step 1640 may comprise comparing physical state metadata 240 , physical state parameters 242 , physical state signatures 248 , and/or portion(s) thereof, to corresponding physical classification values 1448 of the healthy physical state profile 1414 A.
- the comparing may comprise determining a physical state error 1474 A, which may quantify error between the acquired physical state of the control system 101 (and/or region thereof) and the healthy physical state profile 1414 A.
- Step 1630 may further comprise associating the determined physical state error 1474 A with CPSC metrics 575 characterizing the physical state metadata 240 , physical state parameters 242 , and/or physical state signatures 248 by which the physical state error 1474 A was determined, as disclosed herein.
- step 1630 may further comprise implementing mitigation operations in accordance with the determined cyber-physical health of the control system 101 .
- Step 1630 may comprise implementing mitigation operations in accordance with the error metrics 175 , CPSC metrics 575 , cyber state metrics 553 , physical state metrics 555 , Cy ⁇ metrics 1263 , Phy ⁇ metrics 1265 , cyber state error metrics 1472 A-N, physical state error metrics 1474 A-N, cyber trend error metrics 1473 A-N, physical trend error metrics 1475 A-N, cyber health metrics 282 , and/or physical health metrics 284 , as disclosed herein.
- FIG. 17 is a flow diagram of another embodiment of a method 1700 for securing a cyber-physical system 100 , as disclosed herein.
- Step 1710 may comprise acquiring the cyber-physical state of the system 100 , as disclosed herein.
- Step 1710 may comprise acquiring a cyber state of the control system 101 and/or maintaining corresponding cyber state metadata 220 .
- Step 1710 may further comprise acquiring a physical state of the control system 101 and/or maintaining corresponding physical state metadata 240 .
- Step 1710 may comprise acquiring cyber-physical state data 1207 while communicating state keys 160 (and/or state key fragments 161 ) through the control system 101 .
- Step 1710 may comprise acquiring cyber-physical state data 1207 from regions of the control system 101 covered by respective state keys 160 .
- Step 1710 may further comprise acquiring RCPS datasets 1217 from regions of the control system 101 covered by respective CPKD fragments 163 .
- Step 1710 may further comprise determining CPSC metrics 575 for the acquired cyber-physical state data 1207 and/or incorporating the acquired cyber-physical state data 1207 into cyber-physical state metadata 111 , as disclosed herein.
- Step 1710 may further comprise acquiring and/or maintaining cyber-physical state metadata 111 in accordance with a classification schema 1416 .
- Step 1710 may comprise acquiring cyber state metadata 220 corresponding to specified cyber classification features 1422 and/or acquiring physical state metadata 240 corresponding to specified physical classification factors 1442 .
- the classification schema 1416 may comprise a subset of the cyber-physical state information capable of being acquired by the RS agent 110 .
- Step 1720 may comprise determining cyber state error metrics 1472 by, inter alia, comparing the acquired cyber state of the control system 101 to respective cyber state profiles 1412 .
- Step 1720 may comprise determining a plurality of cyber state error metrics 1472 A-N, each quantifying error between the acquired cyber state 1202 and a respective cyber state profile 1412 A-N.
- the cyber state error metrics 1472 A-N may comprise cyber state error metrics 1472 A quantifying error between the acquired cyber state 1202 and one or more healthy cyber state profiles 1412 A, cyber state error metrics 1472 N quantifying error between the acquired cyber state 1202 and one or more unhealthy cyber state profiles 1412 N, and/or the like, as disclosed herein.
- Step 1730 may comprise determining cyber health metrics 282 for the control system 101 (and/or regions thereof). Step 1730 may comprise evaluating the cyber state error metrics 1472 A-N determined at step 1720 . Step 1730 may comprise determining cyber state error metrics 282 that are: inversely proportional to cyber state error metrics 1472 A that quantify error between the acquired cyber state and healthy cyber state profiles 1412 A and/or are proportional to cyber state error metrics 1472 N that quantify error between the acquired cyber state and unhealthy cyber state profiles 1412 N. Step 1730 may further comprise associating the cyber health metrics 282 with CPSC metrics 575 , as disclosed herein. Step 1730 may further include implementing one or more mitigation operations in accordance with the determined cyber health metrics 282 , as disclosed herein.
- Step 1740 may comprise determining physical state error metrics 1474 by, inter alia, comparing the acquired physical state 1204 of the control system 101 to respective cyber state profiles 1412 .
- Step 1720 may comprise determining a plurality of physical state error metrics 1474 A-N, each quantifying error between the acquired physical state 1204 and a respective physical state profile 1412 A-N.
- the physical state error metrics 1474 A-N may comprise physical state error metrics 1474 A quantifying error between the acquired physical state 1204 and one or more healthy physical state profiles 1414 A, physical state error metrics 1474 N quantifying error between the acquired physical state 1204 and one or more unhealthy physical state profiles 1414 N, and/or the like, as disclosed herein.
- Step 1750 may comprise determining physical health metrics 284 for the control system 101 (and/or regions thereof). Step 1750 may comprise evaluating the physical state error metrics 1474 A-N determined at step 1740 . Step 1750 may comprise determining physical state error metrics 284 that are: inversely proportional to physical state error metrics 1474 that quantify error between the acquired physical state 1204 and healthy physical state profiles 1414 A and/or proportional to physical state error metrics 1474 N that quantify error between the acquired physical state 1204 and unhealthy physical state profiles 1414 N. Step 1750 may further comprise associating the physical health metrics 284 with CPSC metrics 575 , as disclosed herein. Step 1750 may further include implementing one or more mitigation operations in response to the determined physical health metrics 284 , as disclosed herein.
- FIG. 18 is a flow diagram of another embodiment of a method 1800 for securing a cyber-physical system 100 , as disclosed herein.
- Step 1802 may comprise learning one or more cyber state profiles 1412 .
- Step 1802 may comprise learning one or more healthy cyber state profiles 1412 A and/or unhealthy cyber state profiles 1412 N, as disclosed herein.
- Step 1804 may comprise learning one or more physical state profiles 1414 .
- Step 1804 may comprise learning one or more healthy physical state profiles 1414 A and/or unhealthy physical state profiles 1414 N, as disclosed herein.
- Step 1810 may comprise acquiring the cyber and/or physical state 1202 / 1204 of the control system 101 (and/or regions thereof), as disclosed herein.
- Step 1820 may comprise determining cyber state error metrics 1472 , and step 1830 may comprise determining corresponding cyber health metrics 282 , as disclosed herein.
- Step 1832 may comprise receiving feedback regarding the cyber health metrics 282 .
- the feedback of step 1832 may comprise indications regarding the accuracy of the cyber health metrics 282 (e.g., whether healthy cyber health metrics 282 accurately indicated healthy cyber behavior, whether unhealthy cyber health metrics 282 accurately indicated unhealthy cyber behavior, and so on).
- Step 1832 may comprise incorporating the feedback into the cyber state profiles 1412 , which may comprise adjusting one or more of the cyber state profiles 1412 in accordance with the feedback (e.g., adjusting cyber classification parameters 1422 and/or cyber classification parameter values 1428 , and so on).
- Step 1840 may comprise determining physical state error metrics 1474
- step 1850 may comprise determining corresponding physical health metrics 284 , as disclosed herein.
- Step 1852 may comprise receiving feedback regarding the physical heath metrics 284 .
- the feedback of step 1852 my comprise indications regarding the accuracy of the physical health metrics 284 (e.g., whether healthy physical health metrics 284 accurately indicated healthy physical behavior, whether unhealthy physical health metrics 284 accurately indicated unhealthy physical behavior, and so on).
- Step 1852 may comprise incorporating the feedback into the physical state profiles 1414 , which may comprise adjusting one or more of the physical state profiles 1412 in accordance with the feedback (e.g., adjusting physical classification parameters 1442 and/or physical classification parameters values 1448 , and so on).
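The scoring of step 1750/1850 and the feedback loop of step 1852, as an added Python example that is not part of the patent text. The profile representation (per-feature centre and tolerance), the distance-based error metric, the scoring function, the bounded update rule and all sample values are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass


@dataclass
class StateProfile:
    """A learned state profile (assumed form: per-feature centre and tolerance)."""
    name: str
    healthy: bool   # True: healthy profile (cf. 1414A); False: unhealthy (cf. 1414N)
    center: list
    scale: list

    def error(self, state):
        """Error metric: tolerance-normalised distance from the acquired state."""
        return math.sqrt(sum(((s - c) / k) ** 2
                             for s, c, k in zip(state, self.center, self.scale)))


def nearest(profiles, state, healthy):
    """Return (profile, error) for the closest profile of the requested kind."""
    candidates = [p for p in profiles if p.healthy == healthy]
    best = min(candidates, key=lambda p: p.error(state))
    return best, best.error(state)


def health_metric(profiles, state):
    """Score in [0, 1] that falls as the error against healthy profiles grows
    and rises as the error against unhealthy profiles grows (assumed function)."""
    _, e_healthy = nearest(profiles, state, healthy=True)
    _, e_unhealthy = nearest(profiles, state, healthy=False)
    total = e_healthy + e_unhealthy
    return 0.5 if total == 0 else e_unhealthy / total


def incorporate_feedback(profiles, state, actually_healthy, rate=0.5):
    """Adjust the nearest profile of the correct class toward a state whose
    health metric was reported as inaccurate. The rate is clamped so a single
    feedback item moves a profile at most halfway to the sample, which limits
    how far one bad or malicious feedback entry can shift the model."""
    rate = max(0.0, min(rate, 0.5))
    profile, _ = nearest(profiles, state, healthy=actually_healthy)
    profile.center = [c + rate * (s - c) for c, s in zip(profile.center, state)]
    return profile


def build_profiles():
    """Constructed profiles for a pump loop: [flow m3/h, pressure bar, valve position]."""
    return [
        StateProfile("nominal", True, [50.0, 3.0, 0.6], [5.0, 0.3, 0.1]),
        StateProfile("pressure-collapse", False, [50.0, 1.2, 0.6], [5.0, 0.3, 0.1]),
    ]


if __name__ == "__main__":
    profiles = build_profiles()
    samples = {                       # constructed acquired states
        "nominal": [51.0, 2.9, 0.62],
        "anomalous": [50.0, 1.3, 0.6],
        "low-pressure mode": [50.0, 2.0, 0.6],
    }
    for label, state in samples.items():
        print(f"before feedback  {label:18s} health={health_metric(profiles, state):.3f}")

    # Feedback: the low-pressure mode was scored unhealthy but is legitimate.
    incorporate_feedback(profiles, samples["low-pressure mode"], actually_healthy=True)
    for label, state in samples.items():
        print(f"after feedback   {label:18s} health={health_metric(profiles, state):.3f}")
```

A score above 0.5 means the acquired state sits closer to a healthy profile than to an unhealthy one; the feedback step moves the borderline operating mode across that line without changing the verdict on the clearly nominal or clearly anomalous samples.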
- These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture, including implementing means that implement the function specified.
- The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified.
- The terms “comprises,” “comprising,” and any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, a method, an article, or an apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, system, article, or apparatus.
- The terms “coupled,” “coupling,” and any other variation thereof are intended to cover a physical connection, an electrical connection, a magnetic connection, an optical connection, a communicative connection, a functional connection, and/or any other connection.
Description
- This invention was made with government support under Contract Number DE AC07-05-ID14517 awarded by the United States Department of Energy. The government has certain rights in the invention.
- This application claims priority to U.S. patent application Ser. No. 16/204,983 filed Nov. 29, 2018, which is incorporated by reference herein.
- This disclosure relates to control system security and, in particular, to systems, methods, apparatus, and/or non-transitory computer-readable storage media for holistically evaluating the cyber-physical health of a control system and/or respective control loops thereof.
- As used herein, a “cyber-physical” system refers to a system comprising cyber components configured to operatively and/or communicatively couple physical components to computational components (and vice versa). As used herein, a “computational component” may refer to a component configured to implement control logic and/or a control function pertaining to a physical process and/or physical process attribute. As used herein, a “physical component” may refer to any suitable means for realizing the control logic and/or control function, which may comprise one or more of: monitoring, sensing, modifying, actuating, modulating, managing, regulating, and/or controlling the physical processes and/or physical process attribute. As used herein, a “cyber component” may refer to any suitable means for communicatively and/or operatively coupling a computational component to a component (e.g., cyber infrastructure to couple physical components to the computational and/or control substrates of the system).
- Conventional techniques for securing cyber-physical systems may attempt to protect internal communication infrastructure from cyber-attack. Conventional systems may not, however, correlate the health of the cyber components and/or detected cyber anomalies with the state of physical components potentially affected thereby (and may be incapable of doing so since the cyber-security components may not be tied to particular physical components of the system). The health of the physical components may be evaluated separately and independently from the cyber components. Conventional techniques for detecting anomalies in physical components may rely on rudimentary recognition techniques based upon known failure modes of the physical components.
- Conventional techniques for securing cyber-physical systems may attempt to guarantee the security and/or integrity of the network(s) used to communicate with physical components of the system. Such security guarantees may be based on perimeter security whereby internal network(s) of the system are secured from attack and/or intrusion from one or more external networks (e.g., may rely on securing gateway(s) and/or external channel(s) of the system). Based on these guarantees, conventional systems may assume that internal communications with physical components are secure. Accordingly, a successful attack on a gateway, external communication channel, and/or physical component of the system could result in complete compromise. Furthermore, an attacker may be able to affect the cyber-physical system via compromised physical components, even while the security guarantees are maintained. Conventional systems may, therefore, be incapable of adequately securing cyber-physical systems from diverse cyber and/or physical attack.
- What is needed are systems, methods, apparatus, and/or non-transitory computer-readable storage media for securing cyber-physical systems that impose minimal overhead, are capable of detecting cyber and physical attack and/or failure modes, and are capable of assessing the validity of the acquired cyber and/or physical state of the control system.
- Disclosed herein are systems, methods, apparatus, and/or non-transitory computer-readable storage media for securing a control system (and/or respective control elements thereof), which may comprise: evaluating the cyber-physical health of the control system; determining error metrics corresponding to communication of context-specific cyber-physical state information through respective control systems of the control system; detecting anomalies in the control system and/or quantifying a confidence in an acquired cyber-physical state of the control system based on, inter alia, the determined error metrics; identifying causes of detected anomalies; acquiring the cyber-physical state of the control system; monitoring the acquired cyber-physical state; comparing the acquired cyber-physical state to learned cyber and/or physical behaviors; and/or the like.
- Additional aspects and advantages will be apparent from the following detailed description of preferred embodiments, which proceeds with reference to the accompanying drawings.
- FIG. 1A is a schematic block diagram of one embodiment of a cyber-physical system, as disclosed herein;
- FIG. 1B is a schematic block diagram of one embodiment of data structure(s) comprising a cyber-physical topology, as disclosed herein;
- FIG. 2 is a schematic block diagram of one embodiment of a resilient security agent, as disclosed herein;
- FIG. 3A is a schematic block diagram illustrating embodiments of data structures comprising embodiments of cyber-physical state metadata, as disclosed herein;
- FIG. 3B illustrates relationships between cyber and/or physical state signatures, as disclosed herein;
- FIG. 4 is a schematic block diagram illustrating embodiments of data structures comprising cyber-physical health metadata, as disclosed herein;
- FIG. 5A is a schematic block diagram of another embodiment of a resilient security agent, as disclosed herein;
- FIG. 5B is a schematic block diagram illustrating embodiments of data structures comprising embodiments of cyber-physical state metadata, as disclosed herein;
- FIG. 6 is a flow diagram of one embodiment of a method for securing a cyber-physical system, as disclosed herein;
- FIG. 7A is a flow diagram of another embodiment of a method for securing a cyber-physical system, as disclosed herein;
- FIG. 7B is a flow diagram of one embodiment of a method for securing a cyber-physical system by communicating state keys through selected regions of a cyber-physical system, as disclosed herein;
- FIG. 8 is a flow diagram of one embodiment of a method for determining a source of anomalous error metrics by a resilient security agent, as disclosed herein;
- FIG. 9 is a flow diagram of another embodiment of a method for determining a source of high error metrics by a resilient security agent, as disclosed herein;
- FIG. 10 is a flow diagram of another embodiment of a method for determining a source of anomalous error metrics by a resilient security agent, as disclosed herein;
- FIG. 11 is a flow diagram of one embodiment of a method for characterizing a cyber-physical health of a selected region of a cyber-physical system, as disclosed herein;
- FIG. 12A-13B are schematic block diagrams of embodiments of a resilient security agent, as disclosed herein;
- FIG. 14A-14B are schematic block diagrams of embodiments of a resilient security agent configured to evaluate cyber and/or physical health based on, inter alia, one or more cyber and/or physical state profiles; and
- FIGS. 15-18 are flow diagrams of additional embodiments of methods for securing a cyber-physical system, as disclosed herein.
- FIG. 1A is a schematic block diagram of one embodiment of a cyber-physical system 100, as disclosed herein. The cyber-physical system 100 may comprise cyber-physical components 102, as disclosed herein (e.g., may feature a tight coupling between cyber communication, computation, and physical substrates). The cyber-physical system 100 may comprise one or more of: an industrial control system, an intelligent control system, a distributed control system, an embedded control system, a vehicle control system, a building control system, a process control system, a plant control system, a manufacturing control system, a power control system, a power grid system, a Supervisory Control and Data Acquisition (SCADA) system, and/or the like. In the FIG. 1A embodiment, the cyber-physical system 100 comprises a control system 101. The control system 101 may comprise cyber-physical components (components 102), which may include, but are not limited to: cyber communication components (cyber components 120), cyber computational and/or control components (computational components 130), physical components 140, and/or the like. The control system 101 may further comprise a resilient security agent 110, which, as disclosed in further detail herein, may be configured to prevent, detect, and/or mitigate cyber-physical attacks.
- The control system 101 may comprise and/or implement one or more “cyber-physical control elements” 105. As used herein, a “cyber-physical control element” (CPCE) 105 refers to cyber-physical components 102 configured to implement control functions pertaining to one or more physical process variables 155. As used herein, a “physical process variable” or “process variable” 155 may refer to any suitable physical phenomena capable of being sensed, measured, monitored, adjusted, manipulated, managed, protected, regulated, and/or otherwise controlled by cyber-physical components 102 of the control system 101. A physical process variable (PPV) 155 may comprise a manipulated variable of a control function implemented by the CPCE 105. A PPV 155 may comprise and/or correspond to one or more of a physical process 150, a physical process attribute 152, and/or the like. As used herein, a “physical process” 150 may refer to any physical phenomena and/or process capable of being controlled by a cyber-physical system 100, which may include, but is not limited to: an industrial process, a mechanical process, an electromechanical process, an electrical process, an electrical power process, an electrical power generation process, an electrical power distribution process, an electrical power conditioning process, an electrical power storage process, an electrical power load process, a manufacturing process, a fluid process, a chemical process, and/or the like. As used herein, an attribute 152 of a physical process 150 (or “physical process attribute” 152) may refer to any suitable attribute, variable, process variable, characteristic, parameter, and/or state capable of being controlled by a cyber-physical system 100. As used herein, “controlling” a PPV 155 may refer to one or more of: sensing, measuring, monitoring, adjusting, manipulating, managing, regulating, protecting, and/or otherwise controlling the PPV 155 by use of cyber-physical components 102 of the control system 101.
Therefore, as used herein, a CPCE 105 may comprise, embody, and/or correspond to one or more cyber-physical components 102 of the control system 101. A CPCE 105 may comprise, embody, and/or implement one or more of a control function, a cyber-physical control function, a control path, a cyber-physical control path, a control loop, a cyber-physical control loop, control means, cyber-physical control means, and/or the like. As disclosed in further detail herein, a CPCE 105 may comprise cyber, computational, and/or physical components control system 101.
- Computational and/or control operations of a CPCE 105 may be implemented by computational components 130, which may be tightly coupled to corresponding physical components 140 of the CPCE 105 by one or more cyber components 120. The cyber components 120 of the control system 101 may comprise, embody, and/or implement cyber communication services, which may be configured to operatively and/or communicatively couple components 102 of the control system 101. The cyber components 120 may comprise any suitable means for operatively and/or communicatively coupling physical components 140 of the control system 101 to computational components 130 of the control system 101, which may include, but are not limited to: communication components, communication devices, communication interface components, communication media, communication ports, concentrator components, concentrator devices, receivers, transmitters, transceivers, transducers, repeaters, network components, network devices, network interfaces, network components, network communication media (e.g., network wiring, ports, and/or the like), network hubs, network concentrators, network switches, network routers, network security devices, network firewalls, network filters, network drivers, network protocol drivers, cyber nodes (cyber nodes 124), and/or the like. In some embodiments, the cyber components 120 may comprise, embody, and/or implement a control system network 122. As used herein, a control system (CS) network 122 may refer to any suitable means for communicatively coupling components 102 of a cyber-physical system 100, such as the control system 101.
The CS network 122 may include, but is not limited to: a communication network, an electronic communication network, an internal network, an Internet Protocol (IP) network, a wireless network, a Local Area Network (LAN), a Wide Area Network (WAN), a Virtual Private Network (VPN), a wireless network (e.g., IEEE 802.11a-n wireless network, Bluetooth® network, Near-Field Communication (NFC) network, and/or the like), a public switched telephone network (PSTN), a mobile network (e.g., a network configured to implement one or more technical standards or communication methods for mobile data communication, such as Global System for Mobile Communication (GSM), Code Division Multi Access (CDMA), CDMA2000 (Code Division Multi Access 2000), EV-DO (Enhanced Voice-Data Optimized or Enhanced Voice-Data Only), Wideband CDMA (WCDMA), High Speed Downlink Packet access (HSDPA), High Speed Uplink Packet Access (HSUPA), Long Term Evolution (LTE), LTE-A (Long Term Evolution-Advanced), and/or the like), an embedded network, a control network, a process control network, a sensor network, an actuator network, a SCADA network, a Distributed Network Protocol (DNP3) network, an International Electrotechnical Commission 60870 (IEC 60870) network, an Experimental Physics and Industrial Control System (EPICS), a combination of networks, a Phasor network, a plurality of networks, a plurality of separate networks, a plurality of communicatively and/or operatively coupled networks, and/or the like. In some embodiments, the cyber components 120 may be further configured to secure communications on the CS network 122, which may comprise encrypting, signing, authenticating, and/or verifying the integrity of messages communicated within the CS network 122.
As used herein, a message communicated on the CS network 122 may comprise one or more: signals, control signals, control system signals, commands, sensor commands, actuator commands, sensor signals, sensor data signals, actuator signals, actuator command signals, packets, data packets, network packets, IP packets, DNP3 packets, SCADA packets, synchrophasors, synchrophasor data, and/or the like.
- In some embodiments, the cyber components 120 may further comprise cyber security components 123, which may be configured to securely couple the CS network 122 (and/or portions thereof) to one or more external networks. The cyber security components 123 may comprise perimeter security means configured to prevent, detect, and/or mitigate attacks from the external networks. The cyber security components 123 may include, but are not limited to: gateways, channels, firewalls, port monitors, network filters, intrusion detection systems, and/or the like, as disclosed herein.
- The CS network 122 may comprise and/or be configured to communicatively couple a plurality of cyber nodes (cyber nodes 124). As used herein, “cyber node,” “cyber node,” or “node” 124 of a cyber-physical system 100, refers to a point at which cyber communication (e.g., messages as disclosed above) may be received, sent, transmitted, generated, forwarded, routed, and/or otherwise communicated within the control system 101. A cyber node 124 may comprise any suitable cyber-physical component 102 of the control system 101 capable of being operatively and/or communicatively coupled to the CS network 122, including, but not limited to: a cyber component 120 (e.g., cyber infrastructure such as a network device, concentrator, hub, router, gateway, network interface device, cyber security component 123, and/or the like), a computational component 130 (e.g., a computing device, a controller 132, an automation controller 134, a monitoring device, an RTU, and/or the like), a networked physical component 140 (e.g., a networked sensor device 144, a networked actuator device 146), and/or the like. The networked sensor/actuator devices 144/146 may comprise respective cyber nodes 124 (not shown in FIG. 1B to avoid obscuring details of the disclosed embodiments).
- The computational components 130 of the control system 101 may comprise, embody, and/or implement computational services of the control system 101, which may include, but are not limited to: computational services, control services, monitoring services, configuration services, interface services, human-machine-interface (HMI) services, and/or the like. The computational components 130 may comprise any suitable means for implementing computational services, which may include, but are not limited to: a processor, a general-purpose processor, an application-specific processor, an Application-Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a computing device (e.g., a device comprising a processor, memory, non-transitory storage, a network interface, and/or the like), a monitoring device, an HMI device, a supervisory computing device, a Remote Terminal Unit (RTU), an Intelligent Electronic Device (IED), a control device, a process controller, a microcontroller, control logic, programmable logic, a programmable logic controller (PLC), a controller, a linear controller, a Proportional-Integral-Derivative (PID) controller, a control element, a relay, a protective relay, a safety relay, a switch, an automation controller, a Real-Time Automation Controller (RTAC), and/or the like. In the FIG. 1A embodiment, the computational components 130 of the control system 101 may include a controller 132, an automation controller 134, and an HMI device 136. The disclosure is not limited in this regard, however, and could be adapted to include any number and/or type of computational components 130.
- The physical components 140 of the control system 101 may comprise and/or correspond to one or more PPV 155, as disclosed herein (e.g., one or more physical processes 150 and/or physical process attributes 152). The physical components 140 may further comprise components configured to implement physical operations, which may include, but are not limited to: sensing, measuring, monitoring, manipulating, actuating, affecting, modifying, managing, regulating, and/or controlling respective PPV 155 (and/or other physical components 140). The physical components 140 may comprise any suitable means for implementing physical operations, including, but not limited to: mechanical devices, electromechanical devices, electrical devices, solid-state devices, digital devices, analog devices, pneumatic devices, hydraulic devices, monitoring devices, receiver devices, transceiver devices, physical control devices, sensing devices (e.g., sensor devices 144), actuation devices (e.g., actuator devices 146), and/or the like.
- In some embodiments, physical components 140 of the control system 101 may be operatively and/or communicatively coupled to one or more other components 102 of the control system 101. A physical component 140 may be coupled to other physical components 140 of the control system 101, cyber components 120 of the control system 101, computational components 130 of the control system 101, and/or the like (e.g., may be operatively and/or communicatively coupled to the controller 132, as illustrated in FIG. 1A). A physical component 140 that is operatively and/or communicatively coupled to one or more other components 102 of the control system 101 may be referred to as a “receiver” of the one or more components 102. Physical components 140 of the control system 101 may comprise and/or be coupled to means for interfacing with other components 102 of the control system 101, which may comprise means for transmitting signals to and/or receiving signals from other components 102 of the control system 101. The means for interfacing may comprise one or more of: a transducer, an analog-to-digital converter (DAC), a receiver, a transmitter, a transceiver, a port, an interface, a communication port, a communication interface, communication media, a network port, a network interface, a network interface device, network communication media, and/or the like. In some embodiments, one or more physical components 140 of the control system 101 may be directly coupled to one or more other components 102 of the control system 101. The one or more physical components 140 may, for example, be directly coupled to the controller 132 by a direct device-to-device coupling, dedicated communication media, and/or the like. Alternatively, or in addition, one or more physical components 140 of the control system 101 may be operatively and/or communicatively coupled to the CS network 122 by, inter alia, cyber components 120 of the control system 101 (e.g., may comprise and/or be communicatively coupled to the CS network 122).
A physical component 140 that is operatively and/or communicatively coupled to the CS network 122 may be referred to as a “networked” physical component 140.
- As disclosed above, the physical components 140 of the control system 101 may comprise means for performing one or more physical operations, which may include, but are not limited to: sensor devices 144, actuator devices 146, and/or the like (e.g., sensor devices 144A-N and actuator devices 146A-N, as illustrated in FIG. 1A). As used herein, a sensor device 144 of the control system 101 may comprise any suitable means for obtaining information pertaining to a PPV 155, which may include, but is not limited to, one or more of: a SCADA sensor, an active sensor, a passive sensor, a measurement device, a monitoring device, an electromechanical sensor device, an electrical measurement device, a current measurement device, a voltage measurement device, a capacitance measurement device, an inductive sensor, a resistance measurement device, an impedance measurement device, a phase measurement unit (PMU), a magnetic sensor, a magnetic field sensor, an Anisotropic Magneto-Resistive (AMR) sensor, an arc detection device, a Hall effect sensor, a power measurement device, an electrical power measurement device (e.g., a power meter), a light sensor, a color sensor, a photoelectric sensor, an electro-optical radiation sensor, an infra-red sensor, an image capture device, a mechanical measurement device, a mechanical power measurement device, a torque sensor, a tachometer, a position sensor, a Global Positioning System (GPS) device, a velocity measurement device, a vehicle speed sensor, a speedometer, an angular velocity sensor, an orientation sensor, a tilt sensor, a compass, an accelerometer, a gyroscope, a pressure sensor, a shock sensor, a vibration sensor, an ultrasonic sensor, a temperature sensor, a thermocouple device, a humidity sensor, a proximity sensor, a chemical sensor, a particulate sensor, a gas sensor, a smoke sensor, a flow sensor, a level sensor, a touch sensor, a nanosensor, and/or the like.
- The physical components 140 of the control system 101 may further comprise actuator devices 146A-N. As used herein, an actuator device 146 of the control system 101 may comprise any suitable means for implementing physical operations pertaining to a PPV 155. An actuator device 146 may comprise, but is not limited to, one or more of: a SCADA actuator, a linear actuator, a rotary actuator, a fluid actuator, a hydraulic actuator, a hydraulic cylinder actuator, a pneumatic actuator, a mechanical actuator, a rack and pinion actuator, a comb drive actuator, a chain actuator, a screw jack actuator, a magnetic actuator, an electric actuator, an electromechanical actuator, an electric motor, a servomechanism, a solenoid, a stepper motor, a torque motor, a shape-memory alloy actuator, a switch, a rotary switch, a toggle switch, an electronic switch, an electrically operated switch, a relay, a solid-state relay, an analogue switch, a crossbar switch, a transistor switch, an electromechanical relay, an attracted armature relay, an induction relay, a mechanical relay, a moving coil relay, a motor-operated relay, a thermal relay, a circuit breaker, a Twisted and Coiled Polymer (TCP) actuator, a Supercoiled Polymer (SCP) actuator, a thermal actuator, a thermal bimorph actuator, a soft actuator, a Shape Memory Polymer (SMP) actuator, a Photopolymer/light Activated Polymer (LAP) actuator, a Dielectric Elastomer (DE) actuator, an Ionic Polymer Metal Composite (IPMC) actuator, an Electroactive Polymer (EAP) actuator, and/or the like. In some embodiments, an actuator device 146 may be configured to acquire state information pertaining to one or more PPV 155 (a physical process 150 and/or attribute(s) 152 thereof), the actuator device 146 itself, physical operations implemented by the actuator device 146, and/or the like. The actuator device 146 may be further configured to communicate acquired state information to one or more computational components 130.
Alternatively, or in addition, the actuator device 146 may comprise and/or be coupled to one or more sensor devices 144, which may be configured to acquire and/or communicate the state information, as disclosed herein. As illustrated in FIG. 1A, the physical components 140 of the CPCE 105 may comprise one or more actuator devices 146A-N, each comprising suitable means for implementing physical operations pertaining to a PPV 155 of the CPCE 105, which may comprise moving, manipulating, regulating, and/or actuating mechanism(s) operatively coupled to the PPV 155.
- As disclosed above, the control system 101 may comprise, embody, and/or be configured to implement one or more CPCE 105. Implementing a CPCE 105 may comprise controlling one or more PPV 155 by use of cyber-physical components 102 of the control system 101. A CPCE 105 may, therefore, comprise and/or embody cyber-physical components 102 of the control system 101. As illustrated in FIG. 1A, a CPCE 105 may comprise: computational components 130 configured to implement one or more control function(s) pertaining to respective PPV 155 of the CPCE 105, physical components 140 by which the computational components 130 realize the control function(s), and cyber components 120 by which the computational components 130 of the CPCE 105 may be operatively and/or communicatively coupled to the physical components 140 of the CPCE 105.
- The computational components 130 of the CPCE 105 illustrated in FIG. 1A may comprise a controller 132. The controller 132 may be configured to implement a control function pertaining to one or more PPV 155. The physical components 140 of the CPCE 105 illustrated in FIG. 1A may, therefore, comprise one or more PPV 155, and physical components 140 by which the controller 132 senses, measures, monitors, adjusts, manipulates, manages, regulates, and/or otherwise controls the PPV 155, such as one or more sensor devices 144A-N, one or more actuator devices 146A-N, and/or the like. The CPCE 105 of FIG. 1A may further comprise cyber components 120 (e.g., cyber nodes 124) by which the controller 132 may be operatively and/or communicatively coupled to the physical components 140 of the CPCE 105.
- The controller 132 may comprise any suitable means for implementing computational and/or control operations, as disclosed herein. Implementing the control function of the CPCE 105 may comprise the controller 132: determining a state of the control function (e.g., a state of PPV 155 of the control function), and determining control decisions in accordance with the determined state. As used herein, the state of a control function of a CPCE 105 may refer to one or more of: a state of the physical components 140 of the CPCE 105, a state of the PPV 155 of the CPCE 105, a state of physical components 140 operatively coupled to the PPV 155 (e.g., a state of one or more of the sensor devices 144A-N, actuator devices 146A-N, and/or the like), a state of the computational components 130 of the CPCE 105 (e.g., a state of the controller 132), a state of cyber components 120 of the CPCE 105, and/or the like.
- In some embodiments, the control function of the CPCE 105 may comprise controlling the value of the PPV 155, and implementing the control function may comprise the controller 132: acquiring a current state of the PPV 155 by use of one or more sensor devices 144A-N, and determining control decisions to reduce an error between the acquired state of the PPV 155 and a target state or set point. The controller 132 may acquire the current state of the PPV 155 by use of one or more sensor devices 144A-N, and may realize the control decisions by use of one or more actuator devices 146A-N. In some embodiments, the controller 132 may be configured to implement a PID control function, which may comprise the controller 132: acquiring a state of the PPV 155 by use of one or more physical components 140 of the CPCE 105 (e.g., by use of one or more sensor devices 144A-N), calculating an error value e(t) quantifying deviation between the acquired state of the PPV 155 and a target state, and determining proportional, integral, and/or derivative components of a control output u(t) to minimize the error value e(t) over time (the control output u(t) corresponding to physical operations implemented by, e.g., one or more actuator devices 146A-N). Alternatively, or in addition, the control function implemented by the controller 132 may comprise a protective function, which may comprise: monitoring a state of the PPV 155 (by use of one or more sensor devices 144A-N), and determining whether to take one or more protective actions in accordance with the monitored state (the protective actions to be realized by one or more actuator devices 146A-N). By way of non-limiting example, the CPCE 105 may implement a protective relay function configured to open a branch breaker in response to detection of a fault state.
Although particular examples of control functions are described herein, the disclosure is not limited in this regard and could be adapted for use with any suitable monitoring and/or control means configured to implement any suitable control, protection, regulation, monitoring, and/or management operations pertaining to any suitable physical process 150, physical process attribute 152, and/or PPV 155.

As disclosed above, the
computational components 130 of a CPCE 105, such as the controller 132, may utilize physical components 140 to implement control function(s) of the CPCE 105. The physical components 140 of the CPCE 105 illustrated in FIG. 1A may comprise one or more sensor devices 144A-N, which may be configured to: acquire information pertaining to PPV 155, and/or one or more other physical components 140 of the CPCE 105, communicate the acquired information to the controller 132, and so on. A sensor device 144 may communicate information acquired thereby using any suitable communication means, including, but not limited to: signals, control signals, control system signals, sensor signals, sensor data signals, device-to-device couplings, packets, data packets, network packets, IP packets, DNP3 packets, SCADA packets, synchrophasors, synchrophasor data, and/or the like. In some embodiments, one or more of the sensor devices 144A-N may be coupled to the CS network 122 (e.g., may comprise networked physical components 140 and/or may be coupled to the CS network 122 by one or more cyber components 120). Alternatively, or in addition, one or more of the sensor devices 144A-N may be directly coupled to one or more computational components 130 of a CPCE 105, as disclosed herein (e.g., may be directly coupled to the controller 132 of the CPCE 105 of FIG. 1A). In some embodiments, one or more of the sensor devices 144A-N may be configured to communicate sensor data to other cyber-physical components 102 of the control system 101, such as another controller 132 (not shown in FIG. 1A to avoid obscuring details of the illustrated embodiments), an automation controller 134, an HMI device 136, and/or the like.
In some embodiments, a sensor device 144 may be adapted to receive and/or implement configuration data, which may comprise configuring the sensor device 144, configuring communication of acquired data by the sensor device 144, configuring data acquisition of the sensor device 144 (e.g., configuring data acquisition frequency, sample period, resolution, etc.), and/or the like. The sensor configuration data may be communicated through the CS network 122, directly from the controller 132 (or other cyber-physical component 102), and/or the like.

The
actuator devices 146A-N of the control system 101 may be configured to implement physical operations, which physical operations may comprise affecting, manipulating, modifying, regulating, protecting, managing, and/or otherwise controlling one or more of: a PPV 155 (e.g., physical process 150 and/or physical process attribute(s) 152A-N thereof), other physical components 140, and/or the like. The actuation device(s) 146A-N may be configured to implement physical operations in response to control signal(s), which may comprise, but are not limited to: signals, control signals, control system signals, actuator signals, actuator control signals, commands, actuator commands, messages, packets, data packets, network packets, IP packets, DNP3 packets, SCADA packets, and/or the like. In some embodiments, one or more of the sensor devices 144A-N may be coupled to the CS network 122 (e.g., may comprise networked physical components 140 and/or may be coupled to the CS network 122 by one or more cyber components 120). Alternatively, or in addition, one or more of the actuator devices 146A-N may be directly coupled to one or more cyber computational components 130, as disclosed herein (e.g., may be directly coupled to the controller 132 of the CPCE 105 of FIG. 1A). As disclosed above, the controller 132 may utilize one or more of the actuator devices 146A-N to implement the control function of the CPCE 105. The one or more actuator devices 146A-N may be configured to implement physical operations in response to control signal(s) from the controller 132. Alternatively, or in addition, one or more of the actuator devices 146A-N may be configured to implement physical operations in response to command signal(s) from other cyber-physical components 102 of the control system 101, such as another controller 132 (not shown in FIG. 1A to avoid obscuring details of the illustrated embodiments), an automation controller 134, an HMI device 136, and/or the like.
In some embodiments, an actuator device 146 may be adapted to receive and/or implement configuration data, which may comprise configuring the actuator device 146, identifying components 102 authorized to issue control signals to the actuator device 146, configuring a response of the actuator device 146 to control signals, configuring physical operations implemented by the actuator device 146 (e.g., adjusting a control sensitivity, setting a range and/or throw of physical operations), and/or the like. The actuator configuration data may be communicated through the CS network 122, directly from the controller 132 (or other cyber-physical component 102), and/or the like.

In some embodiments, the
CPCE 105 may comprise and/or be coupled to an automation controller 134. The automation controller 134 may be configured to implement an automation function that involves and/or comprises a plurality of CPCE 105 (other CPCE 105 not shown in FIG. 1A to avoid obscuring details of the illustrated embodiments). The automation controller 134 may be configured to monitor, coordinate, manage, and/or control operation of one or more CPCE 105, which may comprise: configuring cyber components 120 of the CPCE 105, configuring computational components 130 of the CPCE 105 (e.g., configuring the controller 132 to implement a specified control function, specify a set point for the control function, and/or the like), configuring physical components 140 of the CPCE 105, monitoring computational components 130 of the CPCE 105, monitoring physical components 140 of the CPCE 105 (e.g., monitoring sensor and/or actuator devices 144/146 of the CPCE 105), monitoring PPV 155 of the CPCE 105 (e.g., by use of sensor devices 144 of the CPCE 105), controlling physical components 140 of the CPCE 105 (e.g., issuing commands to actuator devices 146 of the CPCE 105), and/or the like. Alternatively, or in addition, an automation controller 134 may control one or more CPCE 105, which may comprise implementing control functions of the CPCE 105, as disclosed herein.

Although
FIG. 1A depicts an exemplary CPCE 105 comprising particular cyber-physical components 102 of the control system 101, including in particular: cyber components 120, computational components 130, and/or physical components 140, the disclosure is not limited in this regard and could comprise CPCE 105 comprising any suitable cyber-physical component(s) 102 configured to control any type and/or number of PPV 155, physical processes 150, and/or physical process attributes 152 in accordance with any suitable control function. Moreover, cyber-physical components 102 of the control system 101 may be used in multiple CPCE 105, a computational component 130 may be used to implement a plurality of different CPCE 105, a sensor device 144 may be configured to provide sensor and/or measurement data to computational components 130 of a plurality of CPCE 105, an actuator device 146 may be configured to implement physical operation(s) in response to commands from computational components 130 of a plurality of CPCE 105, and so on.

As disclosed above, the
controller 132 may be configured to implement a control function of the CPCE 105 by use of physical components 140 (e.g., by use of one or more sensor and/or actuator devices 144/146). The controller 132 may utilize one or more physical components 140 to: acquire the state of the CPCE 105 (e.g., determine the state of the PPV 155 and/or other physical components 140 of the CPCE 105), and realize control decisions pertaining to the PPV 155. The controller 132 may, therefore, be “closely coupled to” and/or have a “physical dependency” on the one or more physical components 140. As used herein, a “physical dependency” of a CPCE 105 refers to a dependency of a computational component 130 of a CPCE 105 (e.g., the controller 132), on one or more physical components 140 of the CPCE 105. In some embodiments, a physical component 140 of a CPCE 105 may have a “cyber dependency” on one or more computational components 130 of the CPCE 105. As disclosed above, an actuator device 146 of the CPCE 105 of FIG. 1A may be configured to implement physical operations pertaining to the PPV 155 in accordance with control signal(s) generated by the controller 132 of the CPCE 105. The actuator device 146 may, therefore, have a cyber dependency on the controller 132. The actuator device 146 may also have cyber dependencies on cyber components 120 by which the actuator device 146 is operatively and/or communicatively coupled to the controller 132. Dependencies between cyber-physical components 102 of a CPCE 105 may be referred to as “cyber-physical dependencies.” The CPCE 105 illustrated in FIG.
1A may comprise cyber-physical dependencies between the controller 132 and the physical components 140 on which the controller 132 depends to implement control function(s) of the CPCE 105, which may comprise cyber-physical dependencies between the controller 132 and physical components 140 by which the controller 132 acquires information pertaining to the state of the CPCE 105, and actuator device(s) by which the controller 132 realizes control operations, and so on, as disclosed herein.

As disclosed above, conventional techniques for securing
cyber-physical systems 100 may be configured to prevent and/or detect attacks directed against cyber components 120 (e.g., protect the CS network 122 from external attack). Conventional systems may attempt to guarantee security of CS network(s) 122 based on perimeter security (e.g., by securing gateway(s) and/or channel(s) to external networks) and, as such, may operate under the assumption that internal communications are secure and can be trusted. Alternatively, some conventional systems may attempt to secure internal communication (e.g., may encrypt and/or sign messages communicated on internal network(s) 122). These conventional systems may also monitor physical components 140 to detect known failure modes. These conventional techniques, however, may provide inadequate protection, and may be incapable of detecting and/or mitigating certain types of cyber-physical attacks. Due to resource constraints, conventional systems may primarily rely on perimeter security, such that a successful attack on the perimeter security measures may result in complete compromise. Moreover, even if internal communications are secured, conventional security techniques may still leave the control system 101 vulnerable; attackers may still be able to affect the control system 101 via the physical and/or computational environment.

Conventional systems may not be capable of detecting and/or mitigating attacks directed against physical and/or computational components of a
cyber-physical system 100. As used herein, a “physical” or “component” attack refers to an attack pertaining to particular cyber-physical components 102. Cyber-physical components 102 may be attacked through an external network, the CS network 122, or through the physical and/or computational environment. A physical component 140 may be attacked by, inter alia, altering the physical environment (e.g., moving or obscuring a sensor device 144), connecting to local communication means of an actuator device 146 (e.g., an on-board communication port), and/or the like. A component attack may further comprise utilizing compromised cyber-physical components 102 to disrupt operation of the control system 101 (and/or one or more CPCE 105 thereof) by, inter alia, implementing “adversarial operations.” As used herein, an “adversarial operation” refers to an operation configured to disrupt and/or interfere with the operation of the control system 101 and/or a CPCE 105 thereof. An adversarial operation may comprise causing a cyber-physical component 102 to introduce adversarial signals into the control system 101, modify response(s) to control signals, modify computational and/or control operations, and/or the like. A physical component attack may comprise causing a sensor device 144 to feed adversarial sensor data to a controller 132, causing an actuator device 146 to change its response to control signals, and so on. By way of further non-limiting example, a component attack may be directed against computational components 130, which may slow down control operations implemented thereby (e.g., cause the controller 132 to implement higher-priority, computationally intensive tasks), modify the control function(s) implemented by the controller 132, changing parameters of the control function(s), and/or the like.

Conventional mechanisms for securing
cyber-physical systems 100 may be incapable of detecting component attacks and/or distinguishing such attacks from cyber-attack. Moreover, the adversarial operations (and corresponding adversarial signals) of a component attack may be configured to emulate nominal internal communication and, as such, may not be detected by conventional systems, including conventional systems that attempt to secure internal communications. Furthermore, even if anomalous communications are detected, conventional systems may misidentify such anomalies as indicative of a cyber-attack as opposed to an attack directed to particular component(s) 102 of the control system 101.

A component attack may result in anomalous cyber behavior within the
CS network 122 which may be manifested as, inter alia, anomalous cyber communication corresponding to the adversarial operations performed by compromised components 102 and/or attempts by components 102 of the control system 101 to respond to disruptions caused by such anomalous operations (e.g., changes in communication to/from components 102 of the control system 101 on network(s) 122 of the control system 101). As disclosed above, conventional systems may not be capable of distinguishing communications resulting from a component attack from communications indicative of nominal operation. For example, messages comprising adversarial signals produced by a compromised sensor device 144 may be similar to messages comprising non-adversarial signals produced by the sensor device 144 during normal operation. By way of further example, messages comprising adversarial control signals output by a compromised controller 132 (and/or return signals from a compromised actuator device 146) may be similar to messages during nominal operation. It may not be possible, therefore, to detect component attacks by conventional cyber health monitoring. Moreover, even if a conventional system were capable of detecting cyber anomalies resulting from a component attack, the conventional system would still be incapable of determining the cause of such cyber anomalies. Conventional systems may attempt to detect cyber-attacks using cyber components 120 (e.g., cyber security components 123, such as intrusion detection systems), which have no tie to physical components 140 of the control system 101 to which the component attack is directed (e.g., physical components 140, such as sensor devices 144, actuator devices 146, and/or the like).
Therefore, since conventional recognition of cyber-attacks relies on monitoring cyber components 120 that are separate and/or independent of the physical and/or computational environment of the control system 101, conventional systems may not be capable of detecting cyber anomalies resulting from component attacks and/or determining the source of such anomalies (e.g., may misidentify the cause of cyber anomalies as a cyber-attack and/or compromise of the CS network 122, rather than an attack affecting physical components 140 of the control system 101).

Conventional systems may also be incapable of adequately responding to physical anomalies resulting from a component attack. Physical anomalies resulting from a component attack may not be detectable by conventional security systems (since communications pertaining to the compromised components are within the
CS network 122, which such systems may assume is secure). Moreover, even conventional systems configured to monitor physical components 140 may be incapable of detecting physical anomalies arising due to component attacks. As disclosed above, the physical anomalies caused by a component attack may not correspond to physical anomalies associated with known failure modes of the physical components 140 of the control system 101. Therefore, conventional physical health monitoring may be incapable of detecting component attacks. Moreover, even if a conventional system were capable of detecting physical anomalies associated with a component attack, the conventional system would still be incapable of determining that the cause of such physical anomalies is a component attack as opposed to a physical failure mode. Furthermore, conventional systems may be incapable of identifying compromised physical components 140 and/or distinguishing compromised physical components 140 from physical components 140 that are experiencing physical failure.

As disclosed above, the
control system 101 may comprise a resilient security (RS) agent 110. In some embodiments, the RS agent 110 may comprise and/or be embodied by computational components 130 of the control system 101, such as a computing device, an RTU, a PLC, a controller 132, an automation controller 134, an HMI device 136, and/or the like. In the FIG. 1A embodiment, the RS agent 110 is implemented on the controller 132. As disclosed in further detail herein, the RS agent 110 may be configured to secure the control system 101, which may comprise: generating state keys 160 comprising cyber-physical key data corresponding to a current cyber-physical state of the control system 101 (and/or respective regions thereof), communicating the state keys 160 through CPCE 105 of the control system 101, and determining cyber-physical health metadata 180 pertaining to the control system 101 based on, inter alia, error metrics 175 corresponding to communication of the state keys 160. The RS agent 110 may be configured to generate and/or communicate state keys 160 in accordance with cyber-physical state metadata 111, which comprise, characterize, define, and/or otherwise indicate a cyber-physical state of the control system 101. The state keys 160 may comprise cyber-physical key data 162, which may be derived from the current and/or real-time cyber-physical state of the control system 101. The cyber-physical key data 162 may comprise a cyber seed configured to characterize a cyber state of the control system 101 (and/or selected region thereof), and a physical seed configured to characterize a physical state of the control system 101 (and/or selected region thereof). Accordingly, it may be impossible for an attacker to spoof and/or replay state keys 160.
Moreover, the state keys 160 may be derived using simple computational techniques, such that generation and communication of the state keys 160 imposes low overhead, and can be implemented by cyber-physical components 102 with minimal computational resources (e.g., by controllers 132, PLC, and/or the like).

The
state keys 160 communicated by the RS agent 110 may comprise and/or correspond to a cyber-physical state of the control system 101 (and/or respective regions thereof). As used herein, the “cyber-physical state” of a cyber-physical system 100, such as the control system 101, may refer to a state of cyber-physical components 102 of the control system 101, which may comprise and/or correspond to: a state of cyber and/or physical services implemented by respective cyber-physical components 102, a configuration of respective cyber-physical components 102, utilization of respective cyber-physical components 102, and/or the like. The RS agent 110 may comprise and/or be communicatively coupled to cyber-physical state metadata 111, which may be configured to comprise, define, and/or characterize the cyber-physical state of the control system 101 (and/or respective regions thereof). The cyber-physical state metadata 111 may comprise cyber-state parameters 112, which may correspond to respective aspects, characteristics, and/or features of the cyber-physical state of the control system 101. In some embodiments, the RS agent 110 may be configured to acquire and/or maintain the cyber-physical state metadata 111 (e.g., by acquiring information pertaining to the cyber-physical state of the control system 101 from, inter alia, respective cyber-physical components 102 thereof). Alternatively, or in addition, the RS agent 110 may be communicatively coupled to cyber-physical state metadata 111 acquired by another entity (not shown in FIG. 1A to avoid obscuring details of the disclosed embodiments).

The
cyber-physical state metadata 111 may comprise and/or correspond to a cyber-physical topology 115 of the control system 101. As used herein, the “cyber-physical topology” 115 of a cyber-physical system 100 may refer to a cyber and/or physical arrangement of the cyber-physical components 102 thereof. The cyber-physical topology 115 of the control system 101 may, therefore, be unique to the control system 101, unique to a particular configuration of the control system 101, unique to particular cyber-physical state(s) of the control system 101, and/or the like. The cyber-physical topology 115 of the control system 101 may comprise, define, and/or characterize cyber paths 126 of the control system 101. As used herein, a cyber path 126 refers to means by which respective cyber and/or computational components 120/130 of the control system 101 may be operatively and/or communicatively coupled to respective physical components 140 and/or PPV 155 of the control system 101 (and vice versa). The cyber-physical topology 115 of the control system 101 illustrated in FIG. 1A may comprise, define, and/or characterize cyber paths 126 by which the controller 132 (and/or other computational components 130) may be operatively and/or communicatively coupled to respective sensor and/or actuator devices 144/146. A cyber path 126 may comprise one or more cyber components 120, portions of the CS network 122, cyber nodes 124, one or more device-to-device couplings, and/or the like, as disclosed herein. The cyber-physical topology 115 may further comprise, define, and/or characterize a physical control topology of the control system 101, which may comprise information pertaining to physical control couplings and/or correlational relationships between computational and/or physical components 130/140 of the control system 101 and respective PPV 155 (e.g., physical processes 150 and/or physical process attributes 152). In the FIG.
1A embodiment, the physical control topology may correspond to couplings between the controller 132 and respective sensor/actuator devices 144A-N/146A-N, and/or PPV 155A-N (e.g., may indicate physical couplings between respective sensor/actuator devices 144A-N/146A-N and respective physical processes 150 and/or physical process attributes 152).

FIG. 1B illustrates embodiments of data structure(s) configured to comprise, define, and/or characterize embodiments of a cyber-physical topology 115, as disclosed herein. In some embodiments, the cyber-physical topology 115 of a control system 101 may comprise and/or be embodied by a configuration of the control system 101 (and/or a configuration of respective cyber-physical components 102 of the control system). Alternatively, or in addition, the cyber-physical topology 115 may be represented and/or maintained by use of one or more data structures, such as one or more of the data structures illustrated in FIG. 1B. Data structures comprising information pertaining to the cyber-physical topology 115 of a control system 101 may be maintained within any suitable computer-readable medium, including a memory, volatile memory, non-volatile memory, non-volatile storage, firmware, and/or the like.

In some embodiments, the
cyber-physical topology 115 may comprise information pertaining to cyber communication within the control system 101, including information pertaining to means by which computational components 130 of the control system 101 are operatively and/or communicatively coupled to respective physical components 140. As illustrated in FIG. 1B, the cyber-physical topology 115 may comprise and/or represent cyber nodes 124 of the control system 101 (e.g., cyber nodes 124A-N). The cyber-physical topology 115 may, therefore, comprise, represent, and/or correspond to a topology of the CS network 122. The cyber-physical topology 115 illustrated in FIG. 1B may correspond to the control system 101 depicted in FIG. 1A and, as such, may comprise information pertaining to the controller 132. As illustrated, the controller 132 may be communicatively coupled to the CS network 122 and, as such, may comprise and/or correspond to a cyber node 124A of the CS network 122. The cyber-physical topology 115 may further comprise cyber nodes 124B-D, which may represent and/or correspond to cyber components 120 by which portions of the CS network 122 are implemented (e.g., may comprise network devices, concentrators, switches, routers, and/or the like).

In some embodiments, the
cyber-physical topology 115 may further comprise information pertaining to relationships between physical components 140 of the control system 101. As illustrated in FIG. 1B, the cyber-physical topology 115 may comprise and/or represent relationships between sensor and/or actuator devices 144A-N/146A-N and respective PPV 155 (respective physical processes 150, physical process attributes 152A-N, and/or the like). The cyber-physical topology 115 may comprise information pertaining to respective sensor devices 144A-N, and may indicate that one or more of the sensor device(s) 144A-N are operatively coupled to the physical process 150 (and/or respective physical process attributes 152A-N thereof). The cyber-physical topology 115 may be further configured to indicate PPV 155 capable of being sensed, measured, and/or monitored by respective sensor devices 144A-N, indicate types of sensor data capable of being acquired by respective sensor devices 144A-N, and/or the like. The cyber-physical topology 115 may identify actuator devices 146A-N that are operatively coupled to the physical process 150 (and/or respective physical process attributes 152A-N thereof), indicate PPV 155 capable of being adjusted, manipulated, managed, protected, regulated, managed, and/or otherwise controlled by respective actuator devices 146A-N, indicate types of physical operations capable of being implemented by the respective actuator devices 146A-N, and/or the like. Although FIG. 1B illustrates embodiments of a cyber-physical topology 115 comprising particular cyber-physical components 102, the disclosure is not limited in this regard, and may be adapted for use with any suitable cyber-physical components 102 operatively coupled to any number and/or type of PPV 155 in any suitable configuration.

In some embodiments, the
cyber-physical topology 115 may further comprise information pertaining to respective CPCE 105 of the control system 101. In the FIG. 1B embodiment, a CPCE 105 may comprise a physical control section 149 and a cyber section 129. The physical control section 149 may comprise and/or correspond to cyber-physical components 102 configured to sense, measure, monitor, adjust, manipulate, manage, regulate, and/or otherwise control a PPV 155 of a CPCE 105 (e.g., a physical process 150 and/or one or more physical process attribute(s) 152 thereof). The physical control section 149 of a CPCE 105 may comprise computational component(s) 130 configured to implement control functions pertaining to a specified PPV 155, and physical components 140 by which the control functions may be realized (e.g., a controller 132 configured to implement a control function pertaining to a PPV 155 by use of one or more sensor devices 144 and/or actuator devices 146). The physical control section 149 of a CPCE 105 may comprise and/or correspond to one or more physical control couplings 148. As used herein, a “physical process control coupling” or “physical control coupling” 148 refers to a coupling that comprises and/or corresponds to control of a PPV 155 by computational and/or physical components 130/140 of a CPCE 105. A physical control coupling 148 may, therefore, refer to a coupling that comprises and/or corresponds to a physical process 150 and/or one or more physical process attributes 152 controlled by a CPCE 105. The cyber section 129 of a CPCE 105 may comprise information pertaining to cyber-physical couplings and/or paths 126 between computational component(s) 130 of the CPCE 105 and physical components 140 of the CPCE 105, including alternative cyber paths (e.g., different routes through the CS network 122 coupling the same components 130/140).

As illustrated in
FIG. 1B, the control system 101 of FIG. 1A may comprise a plurality of CPCE 105A-N, each configured to control respective PPV 155A-N. The CPCE 105A may be configured to control PPV 155A, which may comprise and/or correspond to physical process attributes 152A-B (of the physical process 150), and so on, with CPCE 105N being configured to control PPV 155N, which may comprise and/or correspond to physical process attribute 152N. The physical control section 149A of the CPCE 105A may indicate that the controller 132 is configured to implement control functions pertaining to the PPV 155A using sensor devices 144A-B and actuator devices 146A-B. The physical control section 149N of the CPCE 105N may indicate that the controller 132 is also configured to implement control functions pertaining to PPV 155N using sensor device 144N and actuator device 146N. The cyber sections 129A-N may comprise information pertaining to cyber-physical couplings and/or paths 126 between computation components 130 of respective CPCE 105A-N and physical components 140 of the respective CPCE 105A-N. In the FIG. 1B embodiment, a cyber path 126 may be represented as a sequence of cyber nodes 124. The disclosure is not limited in this regard, however, and could be adapted to use any suitable means for representing and/or defining cyber-physical couplings and/or paths 126 (e.g., network address table, routing table, and/or the like). As illustrated in FIG. 1B, the cyber section 129A of the CPCE 105A may comprise a sequence of cyber nodes 124 by which messages may be communicated between the controller 132 (at cyber node 124A) and cyber nodes 124 coupled to respective physical components 140 of the CPCE 105A (respective sensor devices 144A-B, actuator devices 146A-B, and/or the like, including alternative paths). The cyber section 129N may indicate cyber paths 126 by which the controller 132 may be communicatively coupled to the physical components 140 of the CPCE 105N (e.g., sensor device 144N and actuator device 146N, respectively).

The
cyber-physical topology 115 may further comprise information pertaining to control paths through respective CPCE 105 (cyber-physical control element paths 108). As used herein, a “control path” or “cyber-physical control” (CPC) path 108 refers to a path through cyber-physical components 102 of a CPCE 105 that comprises and/or corresponds to the PPV 155 of the CPCE 105. A CPCE 105 may comprise a plurality of CPC path(s) 108, each corresponding to a respective path by which computational components 130 of the CPCE 105 control a PPV 155. A CPC path 108 may comprise: a first cyber path 126, a physical control coupling 148, and a second cyber path 126. The first cyber path 126 may comprise a cyber path 126 between a computational component 130 of the CPCE 105 and the physical control coupling 148, and the second cyber path 126 may comprise a cyber path 126 from the physical control coupling 148 back to the computational component 130. As disclosed above, a physical control coupling 148 refers to a coupling that comprises and/or corresponds to a PPV 155 of a CPCE 105 (e.g., a physical process 150 and/or one or more attributes 152 thereof). As disclosed in further detail herein, a physical control coupling 148 may comprise a coupling between physical components 140 of the CPCE 105 that passes through and/or across the PPV 155 (e.g., may comprise a path from an actuator device 146 to a sensor device 144 by, across, and/or through the PPV 155). Alternatively, or in addition, a physical control coupling 148 may comprise a correlation between the PPV 155 and one or more cyber-physical components 102 operatively coupled thereto (e.g., may comprise correlation(s) between a state of the PPV 155 and/or a state of one or more physical components 140 operatively coupled thereto).
Therefore, as used herein, a CPC path 108 may refer to a cyber path comprising one or more cyber paths 126 of the CPCE 105, and one or more physical couplings 148 of the CPCE 105 (the physical couplings 148 comprising and/or corresponding to respective PPV 155 of the CPCE 105).
FIG. 1B depicts an exemplary CPC path 108 of the CPCE 105A (labeled 108{105A} in FIG. 1B). The CPC path 108 illustrated in FIG. 1B may comprise: a first cyber path 126 through the cyber section 129A of the CPCE 105A (e.g., a first cyber path 126 from the controller 132 to the actuator device 146B), a physical control coupling 148 through the physical control section 149A of the CPCE 105A (e.g., a physical coupling 148 from the actuator device 146B to the sensor device 144A by, across, and/or through physical process attribute 152A), and a second cyber path 126 through the cyber section 129A (e.g., a second cyber path 126 from the sensor device 144B back to the controller 132).

Referring back to
FIG. 1A, the RS agent 110 may be configured to determine and/or evaluate a cyber and/or physical state of the control system 101 by use of and/or in accordance with, inter alia, cyber-physical state metadata 111. The RS agent 110 may be configured to generate state keys 160, which may comprise key data corresponding to the cyber-physical state of the control system 101. The RS agent 110 may be further configured to communicate the state keys 160 through respective CPCE 105 of the control system 101 (in accordance with the cyber-physical topology 115 of the control system 101, as disclosed above), obtain validation data 171 in response to communication of respective state keys 160, and determine cyber-physical health metadata 180 pertaining to the control system 101 by, inter alia, comparing respective state keys 160 to corresponding validation data 171.
FIG. 2 is a schematic block diagram of one embodiment of anRS agent 110, as disclosed herein. TheRS agent 110 may comprise, be embodied by, and/or be coupled to computingresources 201, which may include, but are not limited to: processingresources 202,storage resources 204,cyber communication resources 206, and/or the like. Theprocessing resources 202 may comprise any suitable means for implementing computational services, as disclosed herein (e.g., a processor, general-purpose processor, ASIC, programmable logic, a PLC, and/or the like). Thestorage resources 204 may comprise any suitable means for storing and/or maintaining data, such as volatile memory, random access memory (RAM), static RAM (SRAM), dynamic RAM (DRAM), non-volatile memory, battery-backed RAM, non-volatile storage resources, non-transitory storage resources, a non-transitory storage device, a non-transitory storage medium, a solid-state storage device, a solid-state storage medium, and/or the like. Thecyber communication resources 206 may comprise any suitable means for communicatively and/or operatively coupling theRS agent 110 to theCS network 122, such as a network interface, a network interface device, and/or the like. In some embodiments, RS agent 110 (and/or portions thereof) may be embodied as hardware components, such as thecomputing resources 201 disclosed above. Alternatively, or in addition, the RS agent 110 (and/or portions thereof) may be embodied as computer-readable instructions 205 stored within thenon-transitory storage resources 206. The computer-readable instructions 205 may be configured for execution by theprocessing resources 202 of theRS agent 110, which execution may cause theRS agent 110 to implement operations for securing acontrol system 101, as disclosed herein. - The
RS agent 110 may be configured to communicatestate keys 160 through selected regions of thecontrol system 101. Thestate keys 160 may comprise and/or be derived from the cyber-physical state of thecontrol system 101, as indicated bycyber-physical state metadata 111. In theFIG. 2 embodiment, thecyber-physical state metadata 111 may comprise, inter alia,cyber state metadata 220. Thecyber state metadata 220 may be configured to comprise, define, and/or characterize a cyber state of thecontrol system 101. As used herein, the “cyber state” of acyber-physical system 100, such as acontrol system 101 as disclosed herein, may refer to one or more of: a cyber state of one ormore components 102 of thecontrol system 101, a state ofcyber components 120 of thecontrol system 101, a configuration ofcyber components 120, a utilization of cyber components 120 (e.g., utilization of particularcyber components 120 and/or cyber nodes 124), a state of theCS network 122, a utilization of theCS network 122, a configuration of theCS network 122, and/or the like. - In some embodiments, the
cyber state metadata 220 may comprise, define, and/or characterize a cyber state at one or more cyber nodes (cyber nodes 124) of thecontrol system 101. Thecyber state metadata 220 may comprise, define, and/or characterize any suitable aspect of cyber communication at acyber node 124. In some embodiments, thecyber state metadata 220 may comprise statistical characteristics of cyber communication at particularcyber nodes 124, which characteristics may include, but are not limited to: communication speed, mean time delta between messages, mean message latency, number of messages per destination, number of message sources, mean message size, number of zero size messages, mean data length, maximum data length, data speed, and/or the like. Alternatively, or in addition, thecyber state metadata 220 may compriseparameters 222 corresponding to cyber communication between particular cyber nodes 124 (e.g., communication between acontroller 132 and one ormore sensor devices 144,actuator devices 146,automation controllers 134, and/or the like), which may include, but are not limited to: communication speed to/from thenodes 124, mean time delta between messages to/from thenodes 124, latency of messages communicated between thenodes 124, mean size of messages communicated between thenodes 124, and/or the like. Although particular examples ofcyber state metadata 220 and/orcyber state parameters 222 are described herein, the disclosure is not limited in this regard, and could be adapted to utilize any suitable information pertaining to a cyber state of acyber-physical system 100, including acquiring, estimating, determining, and/or monitoring any suitable type ofcyber state parameter 222 pertaining to any suitable characteristic and/or aspect of the cyber state of thecontrol system 101. - In some embodiments, the
cyber state metadata 220 may comprise, define, and/or characterize a cyber state of respective CPCE 105 of the control system 101. As used herein, the cyber state of a CPCE 105 may refer to a cyber state of cyber-physical components 102 of the CPCE 105 (e.g., a cyber state of cyber components 120 by which computational components 130 of the CPCE 105 are coupled to physical components of the CPCE 105, a state of the cyber section 129 of the CPCE 105, and/or the like, as disclosed herein). The cyber state of a CPCE 105 may, therefore, comprise and/or correspond to a subset of the cyber state of the control system 101. The cyber state of a CPCE 105 may be comprised, defined, and/or characterized by the state of cyber communication at cyber nodes 124 by which computational components 130 of the CPCE 105 are operatively and/or communicatively coupled to physical components of the CPCE 105.

In some embodiments, the
cyber-physical state metadata 111 may further comprisephysical state metadata 240, which may comprise, define, and/or characterize a physical state of thecontrol system 101. As used herein, the “physical state” of acyber-physical system 100, such as acontrol system 101 as disclosed herein, may refer to one or more of: a physical state of one or morecyber-physical components 102 of thecontrol system 101, a state ofphysical components 140 of the control system 101 (e.g., a state of one or more of aphysical process 150, physical process attributes 152,sensor devices 144,actuator devices 146, and/or the like), a configuration of physical components 140 (e.g., a configuration of one or more sensor and/oractuator devices 144/146), a utilization of physical components 140 (e.g., utilization of one or more sensor and/oractuator devices 144/146), a state of physical operations implemented byphysical components 140 of the control system (e.g., a state of data acquisition by one ormore sensor devices 144, a state of physical operations implemented by one or moreactuator devices 146, etc.), and/or the like. Thephysical state metadata 240 may comprise parameters (physical state parameters 242), which may comprise, define, and/or characterize: the physical state of thecontrol system 101, particularcyber-physical components 102, particularphysical components 140, particular regions of thecontrol system 101,particular CPCE 105,particular CPC paths 108, particularphysical control couplings 148, and/or the like. - In some embodiments, the
physical state metadata 240 may comprise, define, and/or characterize the physical state of one ormore sensor devices 144A-N of thecontrol system 101. Thephysical state metadata 240 pertaining to asensor device 144 may comprise any suitable information pertaining to thesensor device 144 including, but not limited to: a configuration of thesensor device 144, data acquired by thesensor device 144, characteristics of the acquired sensor data, diagnostic data, and/or the like. Thephysical state metadata 240 pertaining to asensor device 144 may comprise any suitable information pertaining to the configuration of thesensor device 144, as disclosed herein (e.g., a frequency at which thesensor device 144 is configured to acquire sensor data, acquisition period, resolution, communication settings, and/or the like). Thephysical state metadata 240 may further comprise information pertaining to data acquired by asensor device 144, which may comprise sensor and/or measurement data pertaining to a particularphysical process 150,physical process attribute 152, particularphysical components 140, and/or the like. Thephysical state metadata 240 may further comprise characteristics of data acquired by asensor device 144, which may include, but are not limited to: a maximum value of the sensor data, a minimum value of the sensor data, a distribution of the sensor data, statistical properties of the sensor data (e.g., a mean, deviation, and/or variance of the sensor data), and/or the like. Thephysical state metadata 240 may also include diagnostic data pertaining to thesensor device 144, which may comprise a status of thesensor device 144, an error rate of sensor data acquired by thesensor device 144, a condition of thesensor device 144, and/or the like. - The
physical state metadata 240 may further comprise, define, and/or characterize the physical state of one or more actuator devices 146A-N of the control system 101. The physical state metadata 240 pertaining to an actuator device 146 may comprise any suitable information pertaining to the actuator device 146 including, but not limited to: a configuration of the actuator device 146, physical operations implemented by the actuator device 146, diagnostic data, and/or the like. The physical state metadata 240 may comprise any suitable information pertaining to the configuration of an actuator device 146, as disclosed herein (e.g., response of the actuator device 146 to control signals, sensitivity of the actuator device 146, and/or the like). The physical state metadata 240 may indicate a degree to which the actuator device 146 is configured to modulate a particular physical process 150 and/or physical process attribute 152. By way of non-limiting example, the physical state of an actuator device 146 comprising a protective relay may indicate whether the protective relay is open or closed. By way of further non-limiting example, the physical state of an actuator device 146 comprising a valve control device may indicate a degree to which the valve control device is open (e.g., fully open, 40% open, fully closed, or the like). By way of additional non-limiting example, the physical state of an actuator device 146 configured to supply power to an electric motor may indicate an amount of power currently being supplied thereto (e.g., 100% power, 40% power, no power, wattage, and/or the like). The physical state metadata 240 may further comprise diagnostic information pertaining to the actuator device 146, comprising a status of the actuator device 146, a condition of the actuator device 146, and/or the like.
The physical state metadata 240 pertaining to an actuator device 146 may further comprise sensor data pertaining to the actuator device 146 and/or physical processes 150 coupled thereto, such as temperature, power draw, load, efficiency, and/or the like.

In some embodiments, the
physical state metadata 240 may further comprise and/or characterize a physical state of computational components 130 on which one or more physical components 140 depend (e.g., computational components 130 that are tightly coupled to one or more physical components 140, as disclosed herein). The physical state metadata 240 may be configured to characterize operation of the controller 132 of the CPCE 105 of FIG. 1A, such as a response time of the controller 132 to sensor data acquired by one or more of the sensor devices 144A-N, a response time of a control function of the controller 132 (e.g., time between acquisition of sensor data and corresponding control operations), a latency for communication of control signal(s) to one or more actuator devices 146A-N, and/or the like.

The
physical state metadata 240 may be further configured to define and/or characterize the state of one or morephysical processes 150 and/or physical process attributes 152.Physical state parameters 242 characterizing the state of aphysical process 150 and/orphysical process attribute 152 may comprise and/or correspond to a physical state of one ormore components 102 operatively coupled thereto (e.g., the state of one ormore sensor devices 144A-N,actuator devices 146A-N,computational components 130, and/or the like). Thephysical state parameters 242 pertaining to aphysical process 150 may include, but are not limited to: sensor data acquired one ormore sensor devices 144A-N operatively coupled to thephysical process 150, characteristics of the acquired sensor data, physical operations implemented by one ormore actuator devices 146A-N operatively coupled to thephysical process 150, characteristics of the physical operations, and/or the like. Thephysical state parameters 242 pertaining to aphysical process attribute 152 may include, but are not limited to: sensor data acquired one ormore sensor devices 144A-N operatively coupled to thephysical process attribute 152, characteristics of the acquired sensor data, physical operations implemented by one ormore actuator devices 146A-N operatively coupled to thephysical process attribute 152, characteristics of the physical operations, and/or the like. - In some embodiments,
physical state metadata 240 may be further configured to comprise, define, and/or characterize a physical state ofrespective CPCE 105 of thecontrol system 101. As used herein, the physical state of aCPCE 105 refers to a physical state ofcyber-physical components 102 of the CPCE 105 (e.g., a physical state ofcyber-physical components 102 involved in the implementation of theCPCE 105, as disclosed herein), a physical state of thePPV 155 of theCPCE 105, and/or the like. The physical state of theCPCE 105A illustrated inFIG. 1B may comprise and/or correspond to a physical state of one or more of thesensor devices 144A-B and/oractuator devices 146A-B. Alternatively, or in addition, the physical state of theCPCE 105A may further comprise and/or correspond to one or more of: a physical state of thePPV 155A (e.g., thephysical process 150 and/or physical process attributes 152A-B), a physical state of thecontroller 132, and/or the like, as disclosed herein. - As disclosed above, the
RS agent 110 may be communicatively coupled tocyber-physical state metadata 111 acquired by, inter alia, astate acquisition component 210. Thestate acquisition component 210 may comprise any suitable means for acquiringcyber-physical state metadata 111, as disclosed herein. Thestate acquisition component 210 may comprise acomputational component 130 and/or computer-readable instructions stored on a non-transitory storage medium, the instructions configured to cause thecomputational component 130 to acquire and/or maintaincyber-physical state metadata 111, as disclosed herein. Thestate acquisition component 210 may comprise one or more of a state monitor, state estimator, a state observer, and/or the like. Alternatively, or in addition, theRS agent 110 is configured to acquire the cyber-physical state of the control system 101 (and/orrespective CPCE 105 thereof), which may comprise: determining, estimating, and/or acquiring and/or maintainingcyber-physical state metadata 111 pertaining to the control system 101 (and/orrespective CPCE 105 thereof). TheRS agent 110 may be configured to determine, estimate, and/or otherwise acquire: a cyber state of the control system 101 (e.g., cyber state metadata 220), a physical state of the control system 101 (e.g., physical state metadata 240), and/or the like. 
TheRS agent 110 may be configured to acquire information pertaining to a cyber and/or physical state of thecontrol system 101 by, inter alia, requesting cyber and/or physical state information from respectivecyber-physical components 102 of thecontrol system 101, monitoringcyber-physical components 102 of thecontrol system 101, monitoring message(s) communicated on the CS network 122 (e.g., message sniffing, message sampling, packet inspection, deep packet inspection, and/or the like), monitoring sensor data communicated tocomputational components 130 of the control system 101 (from one or more physical components 140), monitoring control signals communicated fromcomputational components 130 of the control system 101 (to one or more physical components 140), and/or the like. TheRS agent 110 may be further configured to determine and/or estimate the cyber and/or physical state of thecontrol system 101 by use of the acquired information. - In some embodiments, the RS agent 110 (and/or state acquisition component 210) may be configured to maintain and/or determine one or more
cyber-physical state signatures 118. As used herein, a “cyber-physical state signature” (CPSS) 118 refers to a signature configured to comprise, characterize, validate, authenticate, correspond to, and/or be derived from the cyber and/or physical state of a cyber-physical system 100 (and/or a portion thereof), such as the control system 101, as disclosed herein. A CPSS 118 may comprise a signature configured to comprise, characterize, validate, authenticate, correspond to, and/or be derived from cyber-physical state metadata 111 of the control system 101 (and/or portion(s) thereof). As used herein, a CPSS 118 may comprise and/or refer to one or more of: a cyber state signature 228, a physical state signature 248, and/or the like. As used herein, a cyber state signature 228 refers to a CPSS 118 configured to comprise, characterize, validate, authenticate, correspond to, and/or be derived from cyber state metadata 220 of the control system 101 (and/or portion(s) thereof). As used herein, a physical state signature 248 refers to a CPSS 118 configured to comprise, characterize, validate, authenticate, correspond to, and/or be derived from physical state metadata 240 of the control system 101 (and/or portion(s) thereof).

A
CPSS 118 may be generated by, inter alia, applying a signature generating function to selected portions of the cyber-physical state metadata 111. The signature generating function may comprise any suitable means for generating a signature, including but not limited to: a cryptographic signature function, a non-cryptographic signature function, a checksum, a hash function, a cryptographic hash function, a non-cryptographic hash function, a piecewise hash function, a Context Triggered Piecewise Hash (CTPH) function, a fuzzy hash function, a Nilsimsa hash function, and/or the like. Deriving a CPSS 118 may comprise: serializing the cyber-physical state metadata 111 and/or selected portion(s) thereof (e.g., serializing data structure(s) comprising the cyber-physical state metadata 111, cyber state metadata 220, physical state metadata 240, selected portion(s) thereof, and/or the like), and applying a signature generation function to the serialized data. Generating a cyber state signature 228 may comprise: serializing the cyber state metadata 220 and/or portion(s) thereof, and applying a signature generation function to the serialized data. Generating a physical state signature 248 may comprise: serializing the physical state metadata 240 and/or portion(s) thereof, and applying a signature generation function to the serialized data.

In some embodiments, the
RS agent 110 may be configured to generate CPSS 118 in accordance with a signature schema 116 (disclosed in further detail herein), such that portions of a CPSS 118 may be correlated to particular portions of the cyber-physical state metadata 111 (and/or other CPSS 118). The RS agent 110 may be configured to generate CPSS 118 in accordance with a CTPH signature generating function, which may comprise: A) initializing a rolling hash function and a non-rolling hash function, B) feeding the serialized data to each of the rolling hash function and the non-rolling hash function, C) in response to the rolling hash function producing a predetermined trigger value: recording at least a portion of the current state of the non-rolling hash function in the signature output, and continuing back at (A). In one embodiment, the rolling hash function r comprises x, y, z, c, and window parameters, wherein x, y, z, and c are initialized to zero; window is an array of N values (each initialized to zero); and the rolling hash is updated in response to a byte d, in accordance with the following pseudo code:
    update(r) {
        y = y − x
        y = y + N * d
        x = x + d
        x = x − window[c mod N]
        window[c mod N] = d
        c = c + 1
        z = z << 5
        z = z ⊕ d
        return (x + y + z)
    }

The non-rolling hash function may comprise any suitable means for computing a non-rolling hash value including, but not limited to: a cryptographic hash function, a non-cryptographic hash function, and/or the like. The non-rolling hash function may comprise one or more of an MD5 hash function, a Fowler-Noll-Vo (FNV) hash function, and/or the like. The trigger of the rolling hash function may correspond to a size and/or organization of the
cyber-physical state metadata 111, the cyber-physical topology 115, a signature schema 116 (disclosed in further detail herein), and/or the like. The RS agent 110 may be further configured to derive a CPSS 118 (state_sig) from cyber and/or physical state metadata (state_metadata) at each of two block sizes b and b*2, in accordance with the following pseudo code:
    input = serialize(state_metadata)
    b = determine_block_size(input)
    initialize_rolling_hash(r)
    initialize_traditional_hash(h1)
    initialize_traditional_hash(h2)
    state_sig1 = ""
    state_sig2 = ""
    for each byte d in input {
        update_rolling_hash(r, d)
        update_traditional_hash(h1, d)
        update_traditional_hash(h2, d)
        if (get_rolling_hash(r) mod b = b − 1) then {
            state_sig1 += get_traditional_hash(h1) mod 64
            initialize_traditional_hash(h1)
        }
        if (get_rolling_hash(r) mod (b * 2) = b * 2 − 1) then {
            state_sig2 += get_traditional_hash(h2) mod 64
            initialize_traditional_hash(h2)
        }
    }
    state_sig = b + ":" + state_sig1 + ":" + state_sig2

In some embodiments,
CPSS 118 may correspond to respective portions of the control system 101. The RS agent 110 may comprise and/or maintain a plurality of CPSS 118, each CPSS 118 corresponding to a cyber and/or physical state of a respective portion(s) of the control system 101 (and/or respective portion of the cyber-physical state metadata 111). Alternatively, or in addition, portion(s) of a CPSS 118 may correspond to portion(s) of the control system 101 (and/or portion(s) of the cyber-physical state metadata 111). In some embodiments, the RS agent 110 may be configured to generate and/or manage CPSS 118 in accordance with a signature schema 116. As used herein, a signature schema 116 refers to means by which CPSS 118 may be correlated with respective portions of the control system 101 (e.g., particular cyber-physical components 102, CPCE 105, CPC paths 108, CPCE sections 109, and/or the like), portions of the cyber-physical state metadata 111, and/or other CPSS 118. The cyber-physical topology 115 may, therefore, comprise and/or correspond to the signature schema 116. The signature schema 116 may define a scheme by which CPSS 118 are generated from cyber-physical state metadata 111. The signature schema 116 may specify cyber-physical state metadata 111 to incorporate into one or more CPSS 118, determine a manner in which the specified cyber-physical state metadata 111 are serialized, specify a configuration of the signature generation function by which the CPSS 118 are derived from the serialized data, and/or the like. The signature schema 116 may be configured to correlate particular CPSS 118 (and/or portions thereof) with the cyber-physical state metadata 111 from which the particular CPSS 118 were derived. The signature schema 116 may be further configured to correlate CPSS 118 (and/or portions thereof) with portions of the control system 101 (e.g., portions of the control system 101 corresponding to the cyber-physical state metadata 111 from which the CPSS 118 were derived).
The signature schema 116 may be configured to correlate CPSS 118 by, inter alia, identifying the cyber-physical state metadata 111 from which respective CPSS 118 were derived, and correlating the identified cyber-physical state metadata 111 to the cyber-physical components 102, CPCE 105, CPC paths 108, and/or CPCE sections 109 characterized thereby.
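The CTPH pseudo code and the signature schema described above can be exercised together in a short Python sketch; this is an example added here, not code from the patent. Assumed and not taken from the page: window length N = 7, 32-bit arithmetic, FNV-1a as the non-rolling hash, a fixed block size in place of determine_block_size, canonical JSON as the serialization, and every region name and sample value.

```python
import json

WINDOW_N = 7           # N, rolling window length (assumed value)
MASK32 = 0xFFFFFFFF    # hash arithmetic wraps at 32 bits (assumed width)
FNV_OFFSET = 0x811C9DC5
FNV_PRIME = 0x01000193
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


class RollingHash:
    """Rolling hash r with x, y, z, c and window, following the pseudo code."""

    def __init__(self):
        self.x = self.y = self.z = self.c = 0
        self.window = [0] * WINDOW_N

    def update(self, d):
        self.y = (self.y - self.x) & MASK32
        self.y = (self.y + WINDOW_N * d) & MASK32
        self.x = (self.x + d) & MASK32
        self.x = (self.x - self.window[self.c % WINDOW_N]) & MASK32
        self.window[self.c % WINDOW_N] = d
        self.c += 1
        self.z = ((self.z << 5) & MASK32) ^ d
        return (self.x + self.y + self.z) & MASK32


def serialize(state_metadata):
    """Canonical form (assumed): sorted keys, no whitespace, UTF-8 bytes."""
    text = json.dumps(state_metadata, sort_keys=True, separators=(",", ":"))
    return text.encode("utf-8")


def pieces(data, block):
    """Return [(end_offset, char)]: one signature character per trigger."""
    r, h, out = RollingHash(), FNV_OFFSET, []
    for i, d in enumerate(data):
        rolled = r.update(d)
        h = ((h ^ d) * FNV_PRIME) & MASK32      # FNV-1a step, non-rolling hash
        if rolled % block == block - 1:         # trigger value reached
            out.append((i + 1, B64[h % 64]))
            h = FNV_OFFSET                      # re-initialize for next piece
    return out


def state_signature(state_metadata, block=4):
    """state_sig = b : state_sig1 : state_sig2 at block sizes b and b*2.

    Two passes over the same bytes give the same result as the single loop
    in the pseudo code, because the rolling hash depends only on the input.
    """
    data = serialize(state_metadata)
    sig1 = "".join(ch for _, ch in pieces(data, block))
    sig2 = "".join(ch for _, ch in pieces(data, block * 2))
    return f"{block}:{sig1}:{sig2}"


def region_signatures(state_metadata, schema, block=4):
    """Apply the schema: one signature per named region of the metadata."""
    return {region: state_signature({k: state_metadata[k] for k in keys}, block)
            for region, keys in schema.items()}


def changed_regions(baseline_sigs, current_sigs):
    """Regions whose current signature no longer matches the baseline."""
    return sorted(r for r in baseline_sigs
                  if baseline_sigs[r] != current_sigs.get(r))


# Constructed sample data; keys reuse the page's reference numerals as labels.
SCHEMA = {
    "cyber_section_129A": ["cyber_node_124A", "cyber_node_124B"],
    "physical_section_149A": ["sensor_144A", "actuator_146B"],
}
BASELINE = {
    "cyber_node_124A": {"mean_latency_ms": 4, "msgs_per_dest": 12, "mean_msg_size": 64},
    "cyber_node_124B": {"mean_latency_ms": 6, "msgs_per_dest": 9, "mean_msg_size": 64},
    "sensor_144A": {"acq_hz": 50, "min": 17, "max": 23, "mean": 20},
    "actuator_146B": {"valve_open_pct": 40, "status": "ok"},
}


def drifted_state():
    """Copy of BASELINE in which one cyber node's latency has changed."""
    current = json.loads(json.dumps(BASELINE))
    current["cyber_node_124B"]["mean_latency_ms"] = 90
    return current


if __name__ == "__main__":
    base = region_signatures(BASELINE, SCHEMA)
    cur = region_signatures(drifted_state(), SCHEMA)
    for region in SCHEMA:
        print(region, base[region], cur[region])
    print("changed:", changed_regions(base, cur))
```

As in the pseudo code, bytes after the last trigger never reach the signature, so a change confined to that tail goes unseen; spamsum-style implementations append one more character for the remainder. Each piece keeps only 6 bits of the non-rolling hash, so equal signatures indicate similarity and are not proof of identical state.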
FIG. 3A illustrates embodiments of data structure(s) comprising embodiments ofcyber-physical state metadata 111 and/orsignature schema 116, as disclosed herein. Thecyber-physical state metadata 111 of theFIG. 3A embodiment may correspond to thecyber-physical topology 115 illustrated inFIG. 1B . Thecyber-physical state metadata 111 illustrated inFIG. 3A may comprise, define, and/or characterize a cyber and/or physical state ofCPCE 105A (cyber-physical state metadata 111 pertaining to other portions of thecontrol system 101, such asCPCE 105N are omitted to avoid obscuring details of the disclosed embodiments). InFIG. 3A , thecyber-physical state metadata 111 may comprisecyber state metadata 220 andphysical state metadata 240, as disclosed herein. Thecyber state metadata 220 may comprise, define, and/or characterize a cyber state of theCPCE 105A (e.g., a state of thecyber section 129A ofCPCE 105A). Thecyber state metadata 220 may comprise information pertaining to a state of respective cyber regions of thecontrol system 101. As used herein, a “cyber region” refers to particular cyber components 120 (e.g., cyber nodes 124),CPCE 105,CPE paths 108,CPCE sections 109,cyber paths 126, and/or the like. Thecyber state metadata 220 may comprise information pertaining to a state of thecyber section 129A ofCPCE 105A. Thecyber state metadata 220A may comprise, define, and/or characterize a state of cyber communication atcyber node 124A (e.g., at the controller 132) by use of any suitable information, as disclosed herein. In theFIG. 3A embodiment, thecyber state metadata 220A may comprisecyber state parameters 212, which may comprise and/or correspond to statistical characteristics of cyber communication atcyber node 124A, as disclosed herein (e.g., time between packets, packet latency, number of packets per destination, and/or the like). 
Thecyber state parameters 212 of thecyber state metadata 220A may further comprise information pertaining to acquisition of thecyber state metadata 220A (e.g., may indicate an age of thecyber state metadata 220A, particularcyber state parameters 212, and/or the like). Thecyber state metadata 220B-E may comprise, define, and/or characterize a state of cyber communication atcyber nodes 124B-E, respectively (individualcyber state parameters 212 of 220B-E not shown inFIG. 1B to avoid obscuring details of the illustrated embodiments). Alternatively, or in addition, thecyber state metadata 220 may be configured to maintain information pertaining to a state of cyber regions comprising a plurality of cyber components 120 (and/or cyber nodes 124), such as information pertaining to particularcyber paths 126, CPCEcyber sections 129, and/or the like. Thecyber state metadata 220F may comprise, define, and/or characterize a state of cyber communication between thecontroller 132 andsensor device 144B and, as such, may comprisecyber state parameters 212 as disclosed above and/orcyber state parameters 212 pertaining to packet speed, data speed, and/or latency for cyber communication therebetween (e.g., a state ofcyber paths 126 comprisingcyber nodes cyber state metadata 220G may comprise information pertaining to cyber communication between the controller andsensor device 144A (e.g.,cyber paths 126 comprisingcyber nodes Cyber state metadata 220H may comprise information pertaining to cyber communication between thecontroller 132 andactuator devices 146A-B (e.g.,cyber paths 126 comprisingcyber nodes cyber section 129A ofCPCE 105A, including the respectivecyber nodes 124A-E and/or respectivecyber paths 126 coupling thecontroller 132 to respective physical components 140 (e.g.,sensor devices 144A-B andactuator devices 146A-B). 
In some embodiments,cyber state metadata 220Z may comprise information pertaining to a cyber state of thecontrol system 101, including the cyber state of theCS network 122,respective CPCE 105,CPCE paths 108,cyber sections 129, theCS network 122, and/or the like. - The
physical state metadata 240 illustrated inFIG. 3A may comprise, define, and/or characterize the state of, inter alia, thephysical control section 149A ofCPCE 105A (e.g., the physical state ofcyber-physical components 102 of thephysical control section 149A, such as thesensor devices 144A-B,actuator devices 146A-B, and/or the like). Thephysical state metadata 240A may comprise, define, and/or characterize a physical state of thesensor device 144A by use of any suitable physical state information, as disclosed herein. Thephysical state metadata 240A may comprisephysical state parameters 242, which may comprise and/or correspond to one or more of: sensor data acquired by thesensor device 144A, a distribution of the acquired sensor data (e.g., an average, mean, maximum, minimum, and/or deviation of the acquired sensor data), a configuration of thesensor device 144A (e.g., sensor acquisition frequency), and/or the like. In some embodiments, thephysical state metadata 240A may further compriseacquisition parameters 242, which may comprise information pertaining to the acquisition of thephysical state metadata 240A (and/or respectivephysical parameters 242 thereof), as disclosed herein. Thephysical state metadata 240B may comprise, define, and/or characterize a physical state of thesensor device 144B. Thephysical state metadata 240B may comprise a plurality ofphysical state parameters 242, as disclosed above (individualphysical state parameters 242 not shown to avoid obscuring details of the disclosed embodiments). Thephysical state metadata 240C may comprise, define, and/or characterize a state of theactuator device 146A by use of any suitable physical state information, as disclosed herein. 
Thephysical state metadata 240C may comprisephysical state parameters 242, which may comprise and/or correspond to one or more of: an actuation status of theactuator device 144A (e.g., a status and/or state of physical operations implemented by theactuator device 144A), actuator data, and/or the like. The actuator data may comprise information pertaining to theactuator device 144A, such as a configuration of theactuator device 144A, a temperature of theactuator device 144A, a load on theactuator device 144A, diagnostics, and/or the like. Thephysical state metadata 240B may comprise, define, and/or characterize a physical state ofactuator device 146B. Thephysical state metadata 240D may comprise a plurality ofphysical state parameters 242, as disclosed above (individualphysical state parameters 242 not shown to avoid obscuring details of the disclosed embodiments). - In some embodiments, the
physical state metadata 240 may further comprise physical state metadata 240E, which may comprise, define, and/or characterize a physical state of computational components 130 of the CPCE 105A (e.g., a physical state of the controller 132). The physical state metadata 240E may comprise any suitable information pertaining to the physical state of the controller 132, including physical state parameters 242 comprising and/or corresponding to one or more of: the control function implemented by the controller 132 (e.g., parameters of the control function, a target for the physical process attribute 152A, and/or the like), an input state of the controller 132 (e.g., a state of input data received at the controller 132, which may comprise and/or correspond to sensor data communicated to the controller 132 from the sensor device 144A), an output state of the controller 132 (e.g., control directives and/or signals output by the controller 132 to the actuator device 144A), a computational latency of the controller 132 (e.g., time required to perform computational and/or control operations), and/or the like. In some embodiments, the physical state metadata 240 may further comprise information pertaining to a physical state of respective physical control regions. As used herein, a “physical control region” refers to particular computational components 130, physical components 140, and/or PPV 155 (e.g., computational and/or physical components 130/140 of respective CPCE 105, CPC paths 108, physical control sections 149, and/or the like). In the FIG. 3A embodiment, the physical state metadata 240F may be configured to characterize a state of physical control section 149A and, as such, may comprise and/or correspond to physical state metadata 240A-E. 
In some embodiments, the physical state metadata 240Z may be configured to characterize a physical state of the control system 101 and, as such, may comprise and/or correspond to physical state information pertaining to substantially all of the physical and/or computational components 140/130 of the control system, respective CPCE 105, CPCE paths 108, physical couplings 148, physical control sections 149, and/or PPV 155 of the control system 101. - In some embodiments, the
physical state metadata 220 may further comprise information pertaining to physical control couplings 148 and/or physical control sections 149 of respective CPCE 105. FIG. 3A illustrates embodiments of physical control metadata 249 pertaining to the physical control section 149A of CPCE 105A. In the FIG. 3A embodiment, the physical control metadata 249 is organized with physical state metadata 240E pertaining to the controller 132 of CPE 105A. The disclosure is not limited in this regard, however, and could be configured to maintain physical control metadata 249 in any suitable means, location, and/or data structure. As used herein, physical control metadata 249 refers to information pertaining to the control of particular PPV 155 by particular computational and/or physical components 130/140. Physical control metadata 249 may comprise a physical control model configured to, inter alia, correlate a state of a PPV 155 with control inputs and/or outputs. Physical control metadata 249 may comprise a mathematical model by which the state of actuator devices 146 coupled to the PPV 155 may be correlated with the state of sensor devices 144 coupled to the PPV 155 (and vice versa). Physical control metadata 249 may correspond to control function(s) pertaining to the PPV 155 (e.g., may correspond to the transfer function and/or other control model by which a controller 132 determines control outputs for one or more actuator devices 146 in response to control inputs and/or feedback pertaining to the PPV 155, received from the sensor and/or actuator devices 144/146). Physical control metadata 249 may provide for verifying a state of a physical control coupling 148, which may comprise determining whether the physical state of the PPV 155 as indicated by the sensor device(s) 144 coupled thereto is consistent with the physical state of the PPV 155 as indicated by the actuator device(s) 146 coupled thereto (and vice versa). 
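The coupling verification described above can be sketched as follows. This is an added example, not code from the patent: it assumes a motor as the PPV, a hypothetical efficiency band of 0.80 to 0.98, a persistence rule of three consecutive samples, and constructed sample data.

```python
import math
from dataclasses import dataclass


@dataclass
class Sample:
    t: float          # seconds since start of capture
    input_kw: float   # electrical power implied by the actuator state
    rpm: float        # shaft speed reported by a sensor
    torque_nm: float  # shaft torque reported by a sensor


def output_kw(s: Sample) -> float:
    """Mechanical output power: P = torque * angular velocity."""
    return s.torque_nm * s.rpm * 2 * math.pi / 60 / 1000


def classify(s: Sample, min_eff: float, max_eff: float, idle_kw: float = 0.05) -> str:
    """Compare sensor-indicated output with actuator-indicated input."""
    out = output_kw(s)
    if s.input_kw <= idle_kw:
        # No power supplied: any reported output contradicts the actuator state.
        return "ok" if out <= idle_kw else "output_without_input"
    ratio = out / s.input_kw
    if ratio > max_eff:
        return "output_exceeds_input"   # physically implausible pair of reports
    if ratio < min_eff:
        return "output_below_expected"  # fault, degradation or falsified report
    return "ok"


def check_coupling(samples, min_eff=0.80, max_eff=0.98, persist=3):
    """Return (start_t, end_t, reason) for inconsistencies lasting >= persist samples."""
    findings = []
    run_reason, run = None, []

    def flush():
        if run_reason not in (None, "ok") and len(run) >= persist:
            findings.append((run[0].t, run[-1].t, run_reason))

    for s in samples:
        reason = classify(s, min_eff, max_eff)
        if reason != run_reason:
            flush()
            run_reason, run = reason, []
        run.append(s)
    flush()
    return findings


# Constructed samples: steady operation, one transient dip at t=4, then the
# actuator state reports 2 kW while the sensors still report about 9 kW (t=6..9).
SAMPLES = (
    [Sample(float(t), 10.0, 1750.0, 49.0) for t in range(4)]
    + [Sample(4.0, 10.0, 1750.0, 30.0), Sample(5.0, 10.0, 1750.0, 49.0)]
    + [Sample(float(t), 2.0, 1750.0, 49.0) for t in range(6, 10)]
    + [Sample(10.0, 10.0, 1750.0, 49.0)]
)

if __name__ == "__main__":
    for start, end, reason in check_coupling(SAMPLES):
        print(f"inconsistent coupling from t={start} to t={end}: {reason}")
```

The single-sample dip at t=4 is ignored because it does not persist; the sustained disagreement is reported as one interval.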
By way of non-limiting example, the PPV 155 of a physical control coupling 148 may comprise a motor. Sensor devices 144 coupled to the motor may indicate an amount of mechanical power being output by the motor (e.g., may indicate a speed of the motor in rotations per minute (RPM), load on the motor, torque, and/or the like). An actuator device 146 coupled to the motor may selectively couple the motor to an electrical power source and, as such, the state of the actuator device 146 may indicate an amount of power being supplied to the motor. The physical control metadata 249 may indicate that the output power of the motor (as indicated by the sensor devices 144) should be within a specified range of the input power (as indicated by the state of the actuator device 146). Inconsistencies may indicate compromise of one or more of the computational and/or physical components 140 (one or more of the controller 132, sensor and/or actuator devices 144/146), failure of one or more of the physical components 140 (and/or the PPV 155 itself), and/or the like. By way of further non-limiting example, the PPV 155 of a physical control coupling 148 may comprise a protective relay configured to, inter alia, control branch breakers coupled to one or more generators, one or more loads, and/or the like. The state of the sensor and/or actuator devices 144/146 may indicate whether generators and/or loads are in phase with one another, whether one or more of the branches is experiencing a fault (e.g., a ground fault, phase-to-phase fault), and/or the like. The physical control metadata 249 may indicate whether the state of the PPV 155 is consistent with the control functions thereof (e.g., may model the protection function implemented by the corresponding controller, which may indicate that out-of-phase conditions return to stability within threshold period(s) of time, grounded branches are tripped within threshold period(s) of time, and/or the like). - As disclosed above, generating
CPSS 118 in accordance with the signature schema 116 may comprise generating CPSS 118 corresponding to particular regions of the control system 101 (e.g., cyber-physical components 102, CPCE 105, CPC paths 108, CPCE sections 109, and/or the like). Generating a CPSS 118 corresponding to particular cyber-physical components 102 of the control system 101 may comprise: identifying portion(s) of the cyber-physical state metadata 111 pertaining to the particular cyber-physical components 102, and deriving a CPSS 118 from the identified cyber-physical state metadata 111, as disclosed herein. Generating a CPSS 118 corresponding to a particular CPCE 105 may comprise: identifying portion(s) of the cyber-physical state metadata 111 pertaining to the cyber-physical state of the CPCE 105 (e.g., identifying portion(s) of the cyber-physical state metadata 111 pertaining to cyber-physical components 102 within one or more CPCE sections 109), and deriving a CPSS 118 from the identified cyber-physical state metadata 111, as disclosed herein. In some embodiments, the RS agent 110 may be further configured to generate CPSS 118 corresponding to particular CPC paths 108. Generating a CPSS 118 corresponding to a particular CPC path 108 may comprise: identifying portion(s) of the cyber-physical state metadata 111 pertaining to cyber-physical components 102 included in the CPC path 108, and deriving a CPSS 118 from the identified cyber-physical state metadata 111, as disclosed herein. The signature schema 116 may be configured to correlate CPSS 118 with the portion(s) of the cyber-physical state metadata 111 from which the CPSS 118 were derived. The signature schema 116 may be further configured to correlate CPSS 118 with particular cyber-physical components 102, CPCE 105, CPC paths 108, CPCE sections 109, and/or the like. - In some embodiments, the
RS agent 110 may be further configured to generate cyber state signatures 228 in accordance with the signature schema 116, as disclosed herein. Generating cyber state signatures 228 in accordance with the signature schema 116 may comprise generating cyber state signatures 228 corresponding to selected portions of the cyber state metadata 220 (e.g., portions of the cyber state metadata 220 corresponding to selected cyber-physical components 102, CPCE 105, CPC paths 108, CPCE sections 109, and/or the like), and correlating the selected portions of the cyber state metadata 220 with respective cyber state signatures 228 (and/or portions of the cyber state signatures 228) derived therefrom. The signature schema 116 may, therefore, provide for correlating cyber state signatures 228 with particular portions of the cyber state metadata 220 and/or particular portions of the control system 101. - In some embodiments,
physical state signatures 248 may be derived in accordance with the signature schema 116, as disclosed herein. Generating physical state signatures 248 in accordance with the signature schema 116 may comprise generating physical state signatures 248 corresponding to selected portions of the physical state metadata 240 (e.g., portions of the physical state metadata 240 corresponding to selected cyber-physical components 102, CPCE 105, CPC paths 108, CPCE sections 109, and/or the like), and correlating the selected portions of the physical state metadata 240 with respective physical state signatures 248 (and/or portions of the physical state signatures 248) derived therefrom. The signature schema 116 may, therefore, provide for correlating physical signatures 248 with particular portions of the physical state metadata 240 and/or particular portions of the control system 101. -
FIG. 3A depicts embodiments of a signature schema 116, as disclosed herein. The signature schema 116 of FIG. 3A may correspond to the cyber-physical topology 115 of FIG. 1B and, in particular, to a cyber-physical topology of the CPCE 105A. The signature schema 116 illustrated in FIG. 3A may define cyber state signatures 228 corresponding to the cyber section 129A of the CPCE 105A. The signature schema 116 may define a cyber state signature 228A, which may be derived from cyber state metadata 220A and, as such, may correspond to a cyber state of the controller 132 (e.g., a state of cyber communication at cyber node 124A). The signature schema 116 may further define cyber state signatures 228B-E, which may be derived from cyber state metadata 220B-E, respectively and, as such, may correspond to a state of cyber communication at respective cyber nodes 124B-E of cyber section 129A. Alternatively, or in addition, the signature schema 116 may define cyber state signatures 228 corresponding to cyber regions comprising a plurality of cyber components 120 (and/or cyber nodes 124), such as information pertaining to particular cyber paths 126, CPCE cyber sections 129, and/or the like. The cyber state signature 228F may be configured to characterize cyber paths 126 between the controller 132 and sensor device 144B and, as such, may be derived from cyber state metadata 220A-C and/or 220F. The signature schema 116 may further define a cyber state signature 228G, which may be configured to characterize cyber communication between the controller 132 and sensor devices 144A and, as such, may be derived from cyber state metadata 220A-D and/or 220G. 
The signature schema 116 may further define a cyber state signature 228H, which may be configured to characterize cyber communication between the controller 132 and actuator devices 146A-B and, as such, may be derived from cyber state metadata signature schema 116 may further define a cyber state signature 228I, which may be configured to characterize a state of the cyber section 129A and, as such, may be derived from one or more of cyber state metadata 220A-H. The signature schema 116 may further define a cyber state signature 228Z, which may be configured to characterize a cyber state of the control system 101 (e.g., the CS network 122) and, as such, may be derived from substantially all of the cyber state metadata 220. The signature schema 116 may define other cyber state signatures 228 corresponding to other portions of the control system 101, other CPCE 105B-N, and/or the like (not shown in FIG. 3A to avoid obscuring details of the illustrated embodiments). - The
signature schema 116 may be further configured to define physical state signatures 248, which may be derived from specified portion(s) of the physical state metadata 240 and, as such, may characterize a physical state of respective: cyber-physical components 102, respective CPCE 105, respective CPC paths 108, respective CPCE sections 109, and/or the like. In the FIG. 3A embodiment, the signature schema 116 may be configured to define physical state signatures 248 corresponding to the CPCE 105A illustrated in FIG. 1B. The signature schema 116 may define physical state signatures 248A-D, which may be derived from respective physical state metadata 240A-D and, as such, may correspond to a physical state of respective sensor/actuator devices 144A-B/146A-B of the physical control section 149A of CPCE 105A. The signature schema 116 may further define a physical state signature 248 pertaining to the controller 132 (derived from physical state metadata 240E). In some embodiments, the signature schema 116 may further define signature schemas pertaining to the PPV 155A of CPCE 105A, such as a physical state signature 248F corresponding to the physical state of the sensor/actuator devices 144A-B/146A-B coupled to physical process attributes 152A-B (derived from physical state metadata 240A-D). The signature schema 116 may further define a physical state signature 248G, which may correspond to the physical state of the physical control section 149A of CPCE 105A, including a physical state of the computational components 130 thereof (e.g., a physical state of the controller 132 and the sensor/actuator devices 144A-B/146A-B, derived from physical state metadata 240A-E and/or 240F). In some embodiments, the signature schema 116 may further define a physical state signature 248N, which may be derived from substantially all of the physical state metadata 240 (e.g., physical state metadata 240A-N) and, as such, may correspond to a physical state of the control system 101. 
The signature schema 116 may define other physical signatures 248 corresponding to other portions of the control system 101, other CPCE 105, and/or the like (not shown in FIG. 3A to avoid obscuring details of the illustrated embodiments). - In some embodiments, the
signature schema 116 may define relationships between respective CPSS 118. The relationships may correspond to the cyber-physical state metadata 111 from which respective CPSS 118 were derived. The relationships may be established by, inter alia, generating CPSS 118 in accordance with the signature schema 116 and/or by configuring the signature generating function in accordance with the signature schema 116. As disclosed above, the signature generating function may comprise a context triggered and/or piecewise signature generating function (e.g., a CTPH and/or fuzzy hash function), which may be configured to generate a sequence of signature values in response to input data (and/or trigger(s) detected therein). The RS agent 110 may generate CPSS 118, such that respective portions and/or sequences thereof correspond to respective portions of the cyber-physical state metadata 111 (e.g., respective cyber state metadata 220A-N, physical state metadata 240A-N, and/or the like). - The
RS agent 110 and/or signature schema 116 may be configured to map portions of a CPSS 118 to respective cyber-physical state metadata 111, portions of the control system 101, and/or one or more other CPSS 118. As illustrated in FIG. 3B, the RS agent 110 and/or signature schema 116 may define mappings between the cyber state signatures 228A-N and/or physical state signatures 248A-N illustrated in FIG. 3A. The signature schema 116 may indicate that the cyber state signature 228N is derived from substantially all of the cyber state metadata 220 (e.g., cyber state metadata 220A-N) and, as such, covers, encompasses, and/or comprises each of the cyber state signatures 228A-I. The signature schema 116 may identify portions and/or sequences within the cyber state signature 228N that comprise and/or correspond to respective cyber state signatures 228A-I (and vice versa). As illustrated in FIG. 3B, the signature schema 116 may indicate that a first portion of the cyber state signature 228N comprises cyber state signature 228A, a second portion comprises cyber state signature 228B, and so on, with a fifth portion comprising cyber state signature 228E. The signature schema 116 may further define mappings between respective cyber state signatures 228A-I. The signature schema 116 may indicate that cyber state signature 228F comprises cyber state signatures 228A-C, cyber state signature 228G comprises cyber state signatures 228A-D, cyber state signature 228H comprises cyber state signatures cyber state signatures 228A-H, and so on. - As illustrated in
FIG. 3B, the RS agent 110 and/or signature schema 116 may be further configured to define mappings between the physical state signatures 248A-N of FIG. 3A. The signature schema 116 may indicate that the physical state signature 248N is derived from substantially all of the physical state metadata 240 (e.g., physical state metadata 240A-N) and, as such, covers, encompasses, and/or comprises respective physical state signatures 248A-G, and may indicate portions and/or sequences within the physical state signature 248N that comprise the respective physical state signatures 248A-G (and vice versa). As illustrated in FIG. 3B, the signature schema 116 may indicate that a first portion of the physical state signature 248N comprises physical state signature 248A, a second portion comprises physical state signature 248B, and so on, with a fifth portion comprising physical state signature 248E. The signature schema 116 may further define mappings between respective physical state signatures 248A-G. The signature schema 116 may indicate that physical state signature 248F comprises physical state signatures 248A-D, physical state signature 248G comprises physical state signatures 248A-E, and so on. Although particular embodiments of CPSS 118 and/or signature schema 116 are described herein, the disclosure is not limited in this regard and may be adapted for use with any suitable signature types generated in accordance with any suitable scheme. - Referring back to
FIG. 1A, as disclosed above, a cyber-physical attack may cause compromised components 102 to implement adversarial operations and/or inject adversarial signals into the control system 101. A cyber-physical attack may result in one or more components 102 providing adversarial cyber-physical state information, resulting in an inaccurate or even adversarial estimation of the cyber-physical state of the control system 101. The RS agent 110 may be configured to ensure that the cyber-physical state metadata 111 is valid by, inter alia, monitoring CPCE 105 of the control system 101, each CPCE 105 comprising a cyber section 129, a physical control section 149, and/or the like, as disclosed herein. The RS agent 110 may be configured to: jointly acquire cyber and/or physical validation information, verify the integrity of the cyber-physical state of the control system 101, and/or use the verified cyber-physical data to evaluate a cyber-physical health of the control system 101. The RS agent 110 may jointly assess the cyber and physical state of the control system 101, which may enable the RS agent 110 to detect cyber-physical attacks, including: attacks directed against particular components 102 of the control system 101, attacks through the physical environment, attacks through the computational environment, and/or the like. - In some embodiments, the
RS agent 110 may be configured to validate portions of the cyber-physical state metadata 111 and/or assess a cyber-physical health of the control system 101. As illustrated in FIG. 1A, the RS agent 110 may be configured to communicate cyber-physical state keys (state keys 160) through CPCE 105 of the control system 101, receive validation data 171 in response to communication of the state keys 160, and generate validation keys 170 from the corresponding validation data 171. The RS agent 110 may be further configured to validate a cyber-physical state of the control system 101 and/or determine a cyber-physical health of the control system 101 based on, inter alia, error introduced during communication of the state keys 160 through portions of the control system 101. - Referring back to
FIG. 2, the RS agent 110 may be configured to generate state keys 160 comprising cyber-physical key data 162. As used herein, “cyber-physical key data” (CPKD) 162 may comprise any suitable information pertaining to a cyber-physical state of the control system 101, as disclosed herein. The CPKD 162 of a state key 160 may correspond to a cyber-physical state of the control system 101. The CPKD 162 may comprise, correspond to, and/or be derived from the cyber-physical state metadata 111 (and/or portion(s) thereof), which may include, but is not limited to: cyber-physical state parameters 112, CPSS 118, cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, physical state metadata 240, physical state parameters 242, physical state signatures 248, portion(s) thereof, and/or the like. In some embodiments, generating the CPKD 162 for a state key 160 may comprise incorporating CPKD 162 of one or more previously generated state keys 160. The CPKD 162 of a state key 160 may comprise cyber key data (a cyber seed and/or cyber seed data) and/or physical key data (a physical seed and/or physical seed data). The cyber key data may be derived from cyber state metadata 220 (and/or portion(s) thereof). The physical key data may be derived from physical state metadata 240 (and/or portion(s) thereof). - The
RS agent 110 may be further configured to communicate the state keys 160 through respective CPCE 105 of the control system 101, acquire validation data 171 in response to the communicating, and generate corresponding validation keys 170 by use of the acquired validation data 171. The validation keys 170 may comprise cyber-physical validation data (CPVD) 172, which may correspond to the CPKD 162 of the corresponding state key 160. The RS agent 110 may be configured to compare the validation keys 170 to corresponding state keys 160, which may comprise comparing CPKD 162 of the state keys 160 to CPVD 172 of the corresponding validation keys 170. As disclosed in further detail herein, the RS agent 110 may be configured to determine cyber-physical health metadata 180 pertaining to the cyber-physical system 100 based, inter alia, on the comparing. - As illustrated in
FIG. 2, the RS agent 110 may be configured to generate state keys 160 by use of, inter alia, the cyber-physical state metadata 111, as disclosed herein. The state keys 160 generated by the RS agent 110 may comprise respective identifiers, which may be configured to: distinguish the state keys 160 from other state keys 160 generated thereby, determine a temporal order of the state keys 160, provide for associating validation data 171 received at the RS agent 110 with respective state keys 160, provide for synchronizing the state keys 160 (and/or validation data 171 returned in response to the state keys 160), and/or the like. In some embodiments, each state key 160 generated by the RS agent 110 may comprise one or more of an identifier, a unique identifier, a sequence number, a sequence identifier, a timestamp, synchronization data, and/or the like. As disclosed above, each state key 160 may comprise CPKD 162, as disclosed herein. In some embodiments, the CPKD 162 may correspond to a current, acquired cyber-physical state of the control system 101. The CPKD 162 of each state key 160 may, therefore, comprise, correspond to, and/or be derived from at least a portion of: the cyber state of the control system 101 (e.g., comprise at least a portion of the cyber state metadata 220, one or more cyber state parameters 222, one or more cyber state signatures 228, and/or the like), and the physical state of the control system 101 (e.g., comprise at least a portion of the physical state metadata 240, one or more physical state parameters 242, one or more cyber state signatures 248, and/or the like). - In some embodiments, the
RS agent 110 may be configured to generate state keys 160 that comprise “corresponding” CPKD 162. As used herein, “corresponding” CPKD 162 refers to CPKD 162 that comprises, corresponds to, and/or is derived from a cyber and/or physical state of corresponding regions of the control system 101. As used herein, a region of a control system 101 may refer to one or more cyber-physical components 102, CPCE 105, CPC paths 108, CPCE sections 109, cyber nodes 124, cyber paths 126, PPV 155, physical process couplings 148, and/or the like. Cyber-physical state information that covers a region of the control system 101 may, therefore, refer to cyber-physical state information that comprises, defines, and/or characterizes a cyber and/or physical state of the region. Corresponding CPKD 162 may refer to CPKD 162 that comprises cyber state metadata 220 and physical state metadata 240 that cover corresponding regions of the control system 101. The RS agent 110 may be configured to generate CPKD 162 from cyber state information (e.g., cyber state metadata 220, cyber state parameters 222, cyber state signatures 228) and physical state information (e.g., cyber state metadata 220, cyber state parameters 222, cyber state signatures 228) that pertain to corresponding regions of the control system 101. The RS agent 110 may be configured to generate state keys 160 comprising corresponding CPKD 162 by use of the cyber-physical topology 115 and/or signature schema 116, as disclosed herein. The RS agent 110 may generate state keys 160 such that the CPKD 162 of respective state keys 160 comprise and/or correspond to a cyber state and physical state of corresponding portions of the control system 101 (e.g., portions that are operatively and/or communicatively coupled, are part of the same CPCE 105, are on the same CPC paths 108, and/or the like). 
By way of non-limiting example, the RS agent 110 may incorporate cyber state information pertaining to particular cyber components 120 into the CPKD 162 of a state key 160 (e.g., a state of cyber communication at particular cyber nodes 124) and, in response, may incorporate physical state information pertaining to cyber-physical components 102 that are operatively and/or communicatively coupled to the particular cyber components 120. By way of further non-limiting example, the RS agent 110 may incorporate a physical state of particular physical components 140 into the CPKD 162 of a state key 160 (e.g., a physical state of particular sensor and/or actuator devices 144/146) and, in response, may incorporate cyber state information into the CPKD 162 corresponding to cyber-physical components 102 that are operatively and/or communicatively coupled to the particular physical components 140. - In some embodiments, the
RS agent 110 may be configured to generate state keys 160 comprising CPKD 162 that covers selected regions of the control system 101. As used herein, CPKD 162 that “covers” a particular region of the control system 101 refers to CPKD 162 that comprises, corresponds to, and/or is derived from cyber-physical state metadata 111 corresponding to the particular region, which may comprise and/or correspond to one or more CPCE 105 (and/or CPC paths 108, CPCE sections 109, and/or cyber-physical components 102 thereof). Generating CPKD 162 that covers a selected region of the control system 101 may comprise: identifying cyber-physical state metadata 111 that corresponds to the selected region, and generating the CPKD 162 by use of the identified cyber-physical state metadata 111. Cyber-physical state metadata 111 that corresponds to a selected region of the control system 101 may be identified by use of the cyber-physical topology 115 and/or signature schema 116, as disclosed herein. A CPKD 162 that covers a selected region of the control system may comprise and/or correspond to one or more of: cyber-physical state metadata 111, cyber-physical state parameters 112, CPSS 118, cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, physical state metadata 240, physical state parameters 242, physical state signatures 248, portion(s) thereof, and/or the like. - The
RS agent 110 may be configured to select regions of the control system 101 to be covered by the CPKD 162 of respective state keys 160 at any suitable granularity. The RS agent 110 may be configured to generate CPKD 162 configured to cover particular: cyber-physical components 102, CPCE 105, CPC paths 108, CPCE sections 109, cyber paths 126, physical process couplings 148, and/or the like. The RS agent 110 may be configured to select regions to be covered by the CPKD 162 of respective state keys 160 in accordance with any suitable selection mechanism, including, but not limited to: random selection, pseudorandom selection, a round-robin selection, an adaptive selection (to ensure adequate coverage of the control system 101), weighted selection (to increase monitoring of vulnerable and/or sensitive portions of the control system 101 by the CPKD 162), a deterministic selection (e.g., a selection in accordance with an isolation scheme, as disclosed in further detail herein), and/or the like. - The
RS agent 110 may be configured to communicate state keys 160 through the control system 101. In some embodiments, the RS agent 110 may be configured to communicate respective state keys 160 through regions of the control system 101 covered by the CPKD 162 thereof (e.g., through regions of the control system 101 covered by the CPKD 162 of the respective state keys 160, as disclosed herein). Selecting regions of the control system 101 to be covered by CPKD 162 of respective state keys 160 may, therefore, comprise selecting regions of the control system 101 through which the respective state keys 160 are to be communicated. Alternatively, the RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101 that may, or may not, be selected in accordance with the regions of the control system 101 covered by the CPKD 162 thereof. - In some embodiments, communicating
state keys 160 through the control system 101 may comprise the RS agent 110 parsing the state keys 160 into a plurality of fragments 161, transmitting each fragment 161 through respective CPE paths 108, and receiving validation data 171 in response to the communication. In some embodiments, each state key fragment 161 may comprise a respective CPKD fragment 163, which may comprise at least a portion of the cyber and/or physical state key data of the CPKD 162 of the corresponding state key 160. In some embodiments, each fragment 161 may further comprise a fragment identifier, which may be configured to: associate fragments 161 with respective state keys 160 (distinguish fragments 161 of respective state keys 160 and/or fragments 161 of other state keys 160), associate the fragments 161 with portion(s) of the state key 160, provide for associating validation data 171 received at the RS agent 110 with the state key 160 and/or respective fragments 161 thereof (e.g., associate validation data 171 returned in response to communication of respective fragments 161 of the state key 160), provide for synchronizing the fragments 161 (and/or validation data 171 returned in response to the fragments 161), and/or the like. - In the
FIG. 2 embodiment, the RS agent 110 is configured to parse state keys 160 into a plurality of fragments 161A-N, including a first fragment 161A and a last fragment 161N, each fragment 161A-N comprising a respective fragment of the CPKD 162 (e.g., a respective CPKD fragment 163A-N). In some embodiments, the CPKD fragment 163A of the first fragment 161A may comprise and/or correspond to a cyber state of the control system 101, and the last fragment 161N may comprise and/or correspond to a physical state of the control system 101 (e.g., the CPKD fragment 163A may comprise portion(s) of the CPKD 162 pertaining to the cyber state of the region of the control system 101 covered by the CPKD 162, and the CPKD fragment 163N may comprise portion(s) of the CPKD 162 pertaining to the physical state of the region). Alternatively, the CPKD fragments 163A-N may comprise and/or correspond to portions of the CPKD 162 corresponding to the cyber and physical state of the control system 101. - In some embodiments, the
RS agent 110 may be configured to generate statekey fragments 161 in accordance with a parsingschema 117. The parsingschema 117 may correspond to thecyber-physical state metadata 111,cyber-physical topology 115, and/orsignature schema 116, as disclosed herein. The parsingschema 117 may define a schema by whichCPKD 162 ofrespective state keys 160 may be parsed into a plurality of CPKD fragments 163A-N, eachCPKD fragment 163A-N comprising and/or corresponding to cyber and/or physical key data covering at least a portion of the region covered by theCPKD 162. The parsingschema 117 may provide for generating CPKD fragments 163A-N comprise cyber and/or physical state information configured to cover corresponding regions of the control system 101 (e.g., corresponding sub-regions of the region covered by the CPKD 162). As disclosed above, theCPKD 162 of astate key 160 may be configured to cover selected regions of thecontrol system 101. TheRS agent 110 may generatefragments 161A-N ofrespective state keys 160, such that eachfragment 161A-N comprises aCPKD fragment 163A-N that comprises and/or is derived from corresponding cyber and/or physical state information, as disclosed herein. In some embodiments, parsing aCPKD 162 of astate key 160 may comprise: generating aCPKD fragment 163A for afirst fragment 161A of thestate key 160 that comprises and/or corresponds to a cyber-physical state of a first portion of the region covered by theCPKD 162; and generating aCPKD fragment 163N for alast fragment 161N of thestate key 160 that comprises and/or corresponds to a second portion of the region. By way of non-limiting example, theCPKD fragment 163A may comprisecyber-physical state parameters 112 and/orCPSS 118 configured to characterize the cyber and/or physical state of the first portion of the region, and theCPKD fragment 163N may comprisecyber-physical state parameters 112 and/orCPSS 118 configured to characterize the cyber and/or physical state of the second portion. 
Therefore, the CPKD fragment 163A of the first state key fragment 161A may cover the first portion of the region, and the CPKD fragment 163N of the last state key fragment 161N may cover the second portion of the region.

As disclosed above, the RS agent 110 may be configured to communicate state keys 160 through the control system 101, which may comprise parsing the state keys 160 into a plurality of fragments 161A-N, and communicating the respective fragments 161A-N through the control system 101. In some embodiments, communicating the fragments 161A-N of a state key 160 may comprise sending the fragments 161A-N through the CS network 122, receiving validation data 171A-N returned in response to communication of the respective key fragments 161A-N, and using the returned validation data 171A-N to, inter alia, evaluate a cyber and/or physical health of the control system 101, as disclosed herein. In some embodiments, validation data 171 returned in response to communication of a state key fragment 161 may comprise a cyber-physical reproduction or copy thereof (e.g., validation data 171A-N may comprise a cyber-physical reproduction of CPKD fragments 163A-N, respectively). As used herein, a “cyber-physical reproduction” or “cyber-physical copy” of data, such as CPKD 162 (and/or a CPKD fragment 163A-N), refers to a copy and/or reproduction of the data as communicated through a cyber-physical system 100, such as the control system 101. A cyber-physical reproduction of a CPKD fragment 163A-N may comprise a copy and/or reproduction of the CPKD fragment 163A-N as communicated through the control system 101. The RS agent 110 may be configured to determine cyber-physical health metadata 180 pertaining to the control system 101 by, inter alia, comparing respective state keys 160 to validation data 171A-N acquired in response to communication of respective fragments 161A-N of the respective state keys 160. The RS agent 110 may be configured to compare respective validation data 171A-N to corresponding portions of the state key 160 (e.g., corresponding portions of the CPKD 162 of the state key 160).
As disclosed above, each state key fragment 161A-N of the state key 160 may comprise a respective CPKD fragment 163A-N, which may comprise one or more of: cyber-physical state metadata 111, a cyber-physical state parameter 112, a CPSS 118, cyber state metadata 220, a cyber state parameter 222, a cyber state signature 228, physical state metadata 240, a physical state parameter 242, a physical state signature 248, portion(s) thereof, and/or the like. The validation data 171 acquired in response to communication of the state key fragment 161 may, therefore, comprise a cyber-physical reproduction of the CPKD fragment 163 thereof (e.g., a cyber-physical reproduction of the cyber-physical state metadata 111, the cyber-physical state parameter 112, the CPSS 118, the cyber state metadata 220, a cyber state parameter 222, a cyber state signature 228, physical state metadata 240, a physical state parameter 242, a physical state signature 248, portion(s) thereof, and/or the like). The RS agent 110 may be configured to compare cyber-physical reproductions of respective CPKD fragments 163A-N (of respective validation data 171A-N) to corresponding CPKD fragments 161A-N of the original state key 160. As disclosed in further detail herein, the RS agent 110 may determine fragment errors 177A-N configured to quantify an error, difference, and/or distance between respective CPKD fragments 163A-N and corresponding cyber-physical reconstructions thereof (e.g., validation CPKD fragments 173A-N, as communicated through respective CPC paths 108 of the control system 101).

In some embodiments, the RS agent 110 may be configured to generate a cyber-physical reconstruction of respective state keys 160 (validation keys 170) by use of the validation data 171A-N returned in response to communication of respective fragments 161A-N of the state keys 160. As used herein, a “cyber-physical reconstruction” of data, such as a state key 160, refers to data reconstructed from a plurality of cyber-physical reproductions, each cyber-physical reproduction corresponding to a respective portion of the data. The RS agent 110 may be configured to acquire validation data 171A-N corresponding to each fragment 161A-N of a state key 160, and use the acquired validation data 171A-N to generate a validation key 170 corresponding to the state key 160. Acquiring the validation data 171A-N may comprise the RS agent 110 receiving messages comprising the validation data 171A-N through the CS network 122 (e.g., via one or more cyber paths 126). Alternatively, or in addition, acquiring the validation data 171A-N may comprise detecting messages comprising respective validation data 171A-N within the CS network 122. The detecting may comprise monitoring cyber communication on the CS network 122 to detect messages comprising validation data 171 corresponding to state key fragments 161. The monitoring may comprise sniffing and/or inspecting messages on the CS network 122 to detect messages corresponding to communication of respective state key fragments 161A-N (e.g., based on identifying and/or addressing information of the messages, contents of the messages, data of the messages, data streams of the messages, and/or the like). The RS agent 110 may be configured to retrieve the detected messages through the CS network 122 (e.g., retrieve broadcast messages on the CS network 122, retrieve messages communicated through cyber nodes 124 coupled to the RS agent 110, and/or the like).

In some embodiments, the RS agent 110 may be further configured to synchronize the acquired validation data 171A-N, which may comprise associating the validation data 171A-N with a corresponding state key 160. The RS agent 110 may associate a message comprising validation data 171 with a corresponding state key 160 by use of one or more of: an identifier of the state key 160, an identifier of the message, an address of the message, an identifier of the validation data 171 (e.g., a fragment identifier of the corresponding state key fragment 161), and/or the like. The synchronizing may further comprise determining a latency of respective validation data 171A-N, which may comprise the RS agent 110 determining a time between when the state key fragments 161A-N corresponding to the validation data 171A-N were transmitted on the CS network 122 and a time at which the corresponding validation data 171A-N were acquired (e.g., a time at which messages comprising the respective validation data 171A-N were returned and/or detected by the RS agent 110). The synchronizing may further comprise rejecting validation data 171A-N in response to a latency thereof exceeding a latency threshold.

Generating the validation key 170 may further comprise determining validation cyber-physical key data (validation CPKD 172) for the validation key 170. Determining the validation CPKD 172 may comprise generating validation CPKD fragments 173A-N by use of the acquired validation data 171A-N. As disclosed above, in some embodiments, each state key fragment 161A-N may comprise a respective portion of the CPKD 162 of the state key 160 (e.g., a respective CPKD fragment 163A-N, comprising respective cyber-physical state metadata 111, cyber-physical state parameters 112, CPSS 118, cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, physical state metadata 240, physical state parameters 242, physical state signatures 248, portions thereof, and/or the like). The acquired validation data 171A-N may comprise cyber-physical reproductions of respective fragments 161A-N of the state key 160 and, as such, may comprise cyber-physical reproductions of respective CPKD fragments 163A-N thereof (e.g., comprise cyber-physical reproductions of respective portions of the CPKD 162 of the state key 160). Therefore, in some embodiments, the acquired validation data 171A-N may comprise the validation CPKD fragments 173A-N. Generating the validation CPKD 172 of the validation key 170 may comprise obtaining the validation CPKD fragments 173A-N from the acquired validation data 171A-N, and combining the validation CPKD fragments 173A-N to form the validation CPKD 172. The combining may comprise arranging the validation CPKD fragments 173A-N in accordance with an arrangement of the corresponding CPKD fragments 163A-N within the CPKD 162 of the state key 160. The RS agent 110 may be configured to recombine the CPKD fragments 173A-N in accordance with the signature schema 116, as disclosed herein.

As disclosed above, the RS agent 110 may be configured to communicate fragments 161 of respective state keys 160 through selected regions of the control system 101. The RS agent 110 may be configured to communicate state key fragments 161 through regions of the control system 101 covered by the CPKD fragments 163 thereof, as disclosed herein. Alternatively, the RS agent 110 may be configured to communicate state keys 160 and/or fragments 161 thereof through regions that may, or may not, correspond to the region of the control system covered by the CPKD 162 and/or CPKD fragments 163 thereof.

In some embodiments, communicating a state key fragment 161 may comprise transmitting the state key fragment 161 to a selected actuator device 146 (through the CS network 122), the actuator device 146 transmitting validation data 171 corresponding to the state key fragment 161 to a selected sensor device 144 (by, across, and/or through a PPV 155), and the sensor device 144 returning the validation data 171 to the RS agent 110 (through the CS network 122). The actuator device 146 and/or sensor device 144 may be selected in accordance with any suitable selection mechanism and/or criteria, as disclosed herein.

In some embodiments, the RS agent 110 may be configured to communicate state key fragments 161A-N through selected CPCE 105. Communicating a state key fragment 161 through a selected CPCE 105 may comprise communicating the fragment 161 through the cyber section 129 of the CPCE 105 and the physical control section 149 of the CPCE 105. Communicating a state key 160 through a selected CPCE 105 may comprise communicating fragments 161 thereof through CPC paths 108 thereof, each CPC path 108 comprising a first cyber path 126, a physical control coupling 148, and a second cyber path 126, as disclosed herein. Communicating a state key fragment 161 through a CPC path 108 may comprise transmitting the state key fragment 161 through: a first cyber path 126, a physical control coupling 148, and a second cyber path 126. As disclosed in further detail herein, communicating a state key fragment 161 through the physical control coupling 148 may comprise communicating validation data 171 by, across, and/or through a PPV 155 (e.g., a physical process 150 and/or physical process attribute(s) 152 thereof). The CPCE 105 and/or CPC path 108 may be selected in accordance with any suitable selection mechanism and/or criteria, as disclosed herein (e.g., may be selected in accordance with a region of the control system 101 covered by the CPKD fragment 163 thereof). Communicating a state key fragment 161 through a CPC path 108 may comprise sending the fragment 161 to the physical control coupling 148 through the first cyber path 126, and receiving validation data 171 communicated through, across, and/or by use of the physical control coupling 148 through the second cyber path 126.

In some embodiments, communicating a state key fragment 161 through a CPC path 108 may comprise sending the fragment 161 to a correlator 166 (through a first cyber path 126). As used herein, a correlator 166 refers to a cyber-physical component 102 of the control system 101 configured to determine and/or communicate validation data 171 corresponding to a state key fragment 161 through, across, and/or by use of a PPV 155. The correlator 166 may be configured to communicate the validation data 171 through, by, and/or across the physical process 150 and/or physical process attribute(s) 152 of the physical control coupling 148. As used herein, a receiver 168 refers to a cyber-physical component 102 of the control system 101 configured to detect, receive, and/or interpret validation data 171 communicated by a correlator 166. A receiver 168 may be configured to detect, receive, and/or interpret validation data 171 communicated through, by, and/or across the physical process 150 and/or physical process attribute(s) 152 of the physical control coupling 148.

In some embodiments, the correlator 166 comprises and/or is coupled to an actuator device 146, the actuator device 146 operatively coupled to the PPV 155 of the physical coupling 148. The correlator 166 (e.g., actuator device 146) may be configured to receive the state key fragment 161, and transmit correlation signal(s) comprising the validation data 171 to a selected receiver 168. The correlator 166 (e.g., actuator device 146) may be configured to transmit the correlation signal(s) by, inter alia, performing physical operations configured to affect, manipulate, and/or modify the physical process 150 and/or physical process attribute(s) 152, as disclosed herein. The correlator 166 may be configured to convert the state key fragment 161 into physical operations capable of being performed thereby, the physical operations configured to produce changes in the PPV 155 (e.g., physical process 150 and/or physical process attribute(s) 152) corresponding to the validation data 171. In some embodiments, the changes may be configured to have negligible effects on the PPV 155 and/or control functions pertaining thereto. In some embodiments, the correlator 166 may be configured to communicate the validation data 171 on a physical medium of the PPV 155. By way of non-limiting example, the PPV 155 may comprise the transmission and/or distribution of electrical power on a conductor, and the correlator 166 (e.g., actuator device 146) may be configured to transmit the validation data 171 on the conductor by, inter alia, power-line communication (PLC), and/or other technique. The correlator 166 (e.g., actuator device 146) may be configured to transmit the validation data 171 on any suitable medium associated with the PPV 155 including, but not limited to: a physical medium, an electrical medium (e.g., one or more conductors, traces, lines, and/or the like), an acoustic medium, a hydraulic medium, a pneumatic medium, a wireless medium (e.g., an electromagnetic signal propagation medium), and/or the like.
Alternatively, or in addition, the correlator 166 (e.g., actuator device 146) may be configured to communicate the validation data 171 by use of signal(s) being communicated across, through, and/or by the PPV 155. The correlator 166 (e.g., actuator device 146) may be configured to communicate the validation data 171 on signal(s) carried on a physical process 150 and/or physical process attribute(s) 152 (may use a signal being propagated on, across, and/or through physical process 150 and/or attribute(s) 152 as a carrier signal, modulate the signal, and/or otherwise use the signal for communication of the validation data 171). Alternatively, or in addition, the correlator 166 (e.g., actuator device 146) may be configured to embed the validation data 171 in signals and/or data being communicated via the PPV 155 (e.g., may embed the validation data 171 by steganography, network steganography, image steganography, and/or any other suitable technique).

In some embodiments, the receiver 168 comprises and/or is coupled to a sensor device 144 operatively coupled to the PPV 155 of the physical control coupling 148. The receiver 168 (sensor device 144) may be configured to: receive validation data 171 communicated by the correlator 166, and return the validation data 171 to the RS agent 110 via the CS network 122. Receiving the validation data 171 may comprise the receiver 168 (e.g., sensor device 144) acquiring sensor data comprising the validation data 171 communicated across the PPV 155, as disclosed above. Receiving the validation data 171 may further comprise the sensor device 144 (and/or a computational component 130 closely coupled thereto) detecting the validation data 171 within the acquired sensor data. Receiving the validation data 171 may comprise identifying correlation signal(s) and/or validation data 171 within the acquired sensor data, isolating the identified correlation signal(s) and/or validation data 171, extracting the identified correlation signal(s) and/or validation data 171, filtering the acquired sensor data, and/or the like. Alternatively, or in addition, receiving the validation data 171 may comprise receiving signal(s) comprising the validation data 171 on a medium corresponding to the PPV 155 of the physical coupling 148 (e.g., a physical process 150 and/or physical process attribute(s) 152), such as a physical medium, electrical medium, acoustic medium, hydraulic medium, pneumatic medium, wireless medium, and/or the like, as disclosed above. In some embodiments, the receiver 168 (e.g., sensor device 144) may be configured to receive validation data 171 communicated on a signal of the PPV 155, and/or embedded in signal(s) and/or data communicated through the PPV 155, as disclosed above.

In some embodiments, the correlator 166 may comprise and/or be coupled to a computational component 130 of the control system 101 configured to communicate validation data 171 corresponding to the state key fragment 161 across the physical control coupling 148 (e.g., by use of one or more physical component(s) 140 tightly coupled thereto). The correlator 166 may comprise and/or be coupled to a controller 132 configured to: receive the state key fragment 161 and, in response, cause one or more actuator devices 146 to transmit validation data 171 by, across, and/or through the physical process 150 and/or physical process attribute(s) 152, as disclosed herein. In some embodiments, the receiver 168 may comprise and/or be coupled to a computational component 130 configured to receive validation data 171 communicated by, across, and/or through the physical process 150 and/or physical process attribute 152 by use of one or more physical component(s) 140 tightly coupled thereto. The receiver 168 may comprise a controller 132 configured to: receive validation data 171 by use of one or more sensor devices 144 operatively coupled to the physical process 150 and/or physical process attribute(s) 152, as disclosed herein. The receiver 168 (e.g., controller 132) may be configured to determine the validation data 171 by use of sensor data acquired by the one or more sensor devices 144, and return the validation data 171 to the RS agent 110, as disclosed herein.

In some embodiments, the correlator 166 may comprise a computational component 130 configured to, inter alia, receive the state key fragment 161, and determine validation data 171 corresponding to the fragment 161 by use of one or more physical components 140 operatively and/or communicatively coupled thereto. The computational component 130 may further comprise the receiver 168, and may be configured to return the determined validation data 171 to the RS agent 110, as disclosed herein. The correlator 166 (e.g., controller 132) may be configured to determine the validation data 171 by, inter alia, determining cyber-physical key data corresponding to the CPKD fragment 163 of the state key fragment 161. The correlator 166 (e.g., controller 132) may determine the cyber-physical key data by, inter alia, acquiring cyber-physical state information corresponding to the CPKD fragment 163 (e.g., a cyber-physical state of the PPV 155 and/or physical components 140 operatively coupled thereto, such as one or more actuator devices 146, sensor devices 144, and/or the like), and deriving the cyber-physical key data from the acquired cyber-physical state information. Determining the validation data 171 may comprise using the physical control metadata 249 to verify that the physical state of the PPV 155 as indicated by one or more actuator devices 146 coupled thereto is consistent with a state of the PPV 155 as indicated by corresponding sensor devices 144. Determining the validation data 171 may comprise predicting a state of the PPV 155 based on a state of the actuator devices 146, acquiring the state of the PPV 155 based on a state of the sensor devices 144, and/or comparing the predicted state to the acquired state.
The state of the PPV 155 may be determined and/or estimated in accordance with physical control metadata 249 pertaining thereto, which may comprise, inter alia, a model by which a state of the PPV 155 (as indicated by one or more sensor devices 144) may be determined from a state of actuator devices 146 operatively coupled thereto. Determining the validation data 171 may comprise introducing noise and/or error into the cyber-physical reproduction of the state key fragment 161 (the validation data 171) in accordance with noise and/or error between the predicted state and the acquired state. The receiver 168 (e.g., controller 132) may be further configured to return validation data 171 comprising the cyber-physical key data to the RS agent 110, as disclosed herein. Although particular mechanisms for communicating state keys 160, state key fragments 161, and/or corresponding validation data 171 are described herein, the disclosure is not limited in this regard, and could be adapted to communicate state keys 160, state key fragments 161, and/or corresponding validation data 171 using any suitable means (e.g., by, across, and/or through any suitable PPV 155 and/or in accordance with any suitable cyber-physical state information pertaining thereto).

Communicating a state key 160 may further comprise the RS agent 110 acquiring validation data 171A-N returned in response to communication of respective fragments 161A-N of the state key 160, and determining validation CPKD fragments 173A-N by use of the acquired validation data 171A-N. Acquiring the validation data 171A-N may comprise validating messages comprising the validation data 171A-N, associating the validation data 171A-N with the state key 160, synchronizing the validation data 171A-N, determining a latency of respective validation data 171A-N, and/or the like, as disclosed herein. The RS agent 110 may be further configured to generate a validation key 170, which may comprise a cyber-physical reconstruction of the CPKD 162 of the state key 160 (may comprise validation CPKD 172). Generating the validation key 170 may comprise reconstructing the validation CPKD 172 by use of the determined validation CPKD fragments 173A-N, which may comprise reconstructing the validation CPKD 172 in accordance with the parsing schema 117 by which the corresponding fragments 161A-N (and/or CPKD fragments 163A-N thereof) were generated, as disclosed herein.

In some embodiments, the RS agent 110 may be configured to compare state keys 160 to validation data 171 returned in response to communication of the state keys 160 through portions of the control system 101. The comparing may comprise comparing respective state keys 160 to corresponding validation keys 170 (e.g., comparing CPKD 162 of respective state keys 160 to validation CPKD 172 of the corresponding validation keys 170). Alternatively, or in addition, the comparing may comprise comparing fragments 161A-N of respective state keys 160 to corresponding validation data 171A-N (and/or comparing CPKD fragments 163A-N to corresponding validation CPKD fragments 173A-N). The RS agent 110 may be further configured to determine and/or maintain error metrics 175 pertaining to communication of the state keys 160, including, but not limited to: key errors 176, fragment errors 177, and/or the like. The RS agent 110 may be configured to determine key error metrics (key errors 176), which may correspond to an error, distance, and/or difference between validation keys 170 and corresponding state keys 160 (and/or validation CPKD 172 and the CPKD 162 of corresponding state keys 160). The key error metric 176 for a state key 160 may be configured to quantify error introduced by the cyber-physical reconstruction of the state key 160 (e.g., by communication of fragments 161 of the state key 160 through respective CPC paths 108 of the control system 101). Alternatively, or in addition, the RS agent 110 may be configured to determine fragment error metrics (fragment errors 177), which may correspond to an error, distance, and/or difference between state key fragments 161 and corresponding validation data 171 (and/or CPKD fragments 163 and the corresponding validation CPKD fragments 173). The fragment error 177 for a state key fragment 161 may be configured to quantify error introduced by the cyber-physical reproduction thereof (e.g., by communication of the fragment 161 through a CPC path 108 of the control system 101).
In some embodiments, the key error 176 of a state key 160 may correspond to fragment errors 177A-N of respective fragments 161A-N thereof.

The RS agent 110 may be configured to determine error metrics 175 between state keys 160, CPKD 162, state key fragments 161, and/or CPKD fragments 163 (S1) and corresponding validation keys 170, validation CPKD 172, validation data 171, and/or CPKD fragments 173 (S2), using any suitable means. In some embodiments, the RS agent 110 is configured to calculate error metrics 175 in accordance with, inter alia, a root mean square (RMS) technique, as follows:

In the expression above, eRMS may comprise an RMS error between S1 and S2, and N may be a length of S1 and S2.
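The round trip and comparison described above, as an added example that is not part of the patent text: a state key is cut into identified fragments, returned validation data is associated by identifier, late returns are rejected, and the rest is scored with the standard RMS error and with the weighted edit distance e = i + d + 3c + 5w that the description gives as the alternative metric. The latency threshold value, the sample key and messages, and all function names are assumptions made here, as is reading the length constraint as i + d = |l1 − l2|.

```python
# Added illustration, not code from the patent: fragment a state key, accept
# or reject the returned validation data, and score it against the original.
import math
from collections import namedtuple

# Assumed value: the description names a latency threshold but gives no number.
LATENCY_THRESHOLD_S = 0.25

# key_id ties a fragment to its state key; index is its position in the key.
Fragment = namedtuple("Fragment", "key_id index data")
# data is the fragment as reproduced by the round trip; latency_s is the time
# between sending the fragment and acquiring the validation data.
Validation = namedtuple("Validation", "key_id index data latency_s")


def parse_key(key_id, key_data, n_fragments):
    """Split key data into contiguous fragments tagged with identifiers."""
    size = math.ceil(len(key_data) / n_fragments)
    return [Fragment(key_id, i, key_data[i * size:(i + 1) * size])
            for i in range(n_fragments)]


def rms_error(s1, s2):
    """Standard RMS error between two equal-length, non-empty sequences."""
    if len(s1) != len(s2) or not s1:
        raise ValueError("RMS needs non-empty sequences of equal length")
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(s1, s2)) / len(s1))


def weighted_edit_distance(s1, s2):
    """Smallest e = i + d + 3c + 5w with i + d = |l1 - l2| (assumed reading).

    Insertions or deletions (cost 1) only make up the length difference; any
    other mismatch is a change (cost 3) or an adjacent swap (cost 5).
    """
    a, b = (s1, s2) if len(s1) <= len(s2) else (s2, s1)
    inf = float("inf")
    # cost[x][y]: cheapest way to turn a[:x] into b[:y]; impossible if y < x.
    cost = [[inf] * (len(b) + 1) for _ in range(len(a) + 1)]
    cost[0] = list(range(len(b) + 1))   # building b[:y] from nothing
    for x in range(1, len(a) + 1):
        for y in range(x, len(b) + 1):
            best = cost[x - 1][y - 1] + (0 if a[x - 1] == b[y - 1] else 3)
            best = min(best, cost[x][y - 1] + 1)
            if x > 1 and a[x - 1] == b[y - 2] and a[x - 2] == b[y - 1]:
                best = min(best, cost[x - 2][y - 2] + 5)
            cost[x][y] = best
    return cost[len(a)][len(b)]


def evaluate_key(key_data, fragments, returns):
    """Associate returns with one state key, drop late ones, score the rest."""
    by_index = {f.index: f.data for f in fragments}
    key_id = fragments[0].key_id
    accepted, late = {}, set()
    for v in returns:
        if v.key_id != key_id or v.index not in by_index:
            continue                      # not a fragment of this state key
        if v.latency_s > LATENCY_THRESHOLD_S:
            late.add(v.index)             # exceeded the latency threshold
        else:
            accepted[v.index] = v.data
    errors = {}
    for index, data in sorted(accepted.items()):
        original = by_index[index]
        comparable = data and len(data) == len(original)
        errors[index] = {
            "rms": rms_error(original, data) if comparable else None,
            "edit": weighted_edit_distance(original, data),
        }
    complete = len(accepted) == len(by_index)
    # Recombine in the order the fragments were cut from the key data.
    rebuilt = b"".join(accepted[i] for i in sorted(by_index)) if complete else None
    return {
        "fragment_errors": errors,
        "rejected": sorted(late - set(accepted)),
        "missing": sorted(set(by_index) - set(accepted) - late),
        "validation_key": rebuilt,
        "key_error": weighted_edit_distance(key_data, rebuilt) if complete else None,
    }


# Constructed sample: a 16-byte key and five returned messages.
SAMPLE_KEY = b"CYBR0042PHYS0917"
SAMPLE_FRAGMENTS = parse_key(7, SAMPLE_KEY, 4)
SAMPLE_RETURNS = [
    Validation(7, 0, b"CYBR", 0.04),   # exact reproduction
    Validation(7, 1, b"0024", 0.05),   # two adjacent symbols swapped
    Validation(7, 2, b"PHYS", 0.90),   # correct data, but far too late
    Validation(7, 3, b"091", 0.06),    # truncated in transit
    Validation(6, 0, b"CYBR", 0.03),   # tagged for a different state key
]

if __name__ == "__main__":
    report = evaluate_key(SAMPLE_KEY, SAMPLE_FRAGMENTS, SAMPLE_RETURNS)
    for name, value in report.items():
        print(name, value)
```

Because fragment 2 is rejected for latency, no validation key is rebuilt for the sample and the key error stays undefined; only a complete set of on-time returns yields a key-level score.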
Alternatively, or in addition, the RS agent 110 may be configured to calculate error metrics 175 in accordance with, inter alia, an edit distance, as follows:

e = i + d + 3c + 5w

c + w ≤ min(l1, l2)

i + d = |l1 − l2|

In the expression above, l1 may comprise a length of S1 (the state key 160, CPKD 162, fragment 161, CPKD fragment 163, and/or the like), l2 may be a length of S2 (the validation key 170, validation CPKD 172, validation data 171, validation CPKD fragment 173, and/or the like), i is a number of insertions, d is a number of deletions, c is a number of changes, and w is a number of swaps between S1 and S2. In some embodiments, the edit distance may be rescaled from 0-64 to 0-100, to produce an error metric M, as follows:

The error metric (M) may comprise a weighted percentage of a degree to which S1 and S2 deviate from being homologous sequences of one another (e.g., how many bits differ and/or are in different orders). A low error metric (M) may, therefore, indicate that S1 and S2 correspond to a common ancestor (e.g., a same or cyber-physical state and/or CPKD 162/163). A high error metric (M) may indicate little or no homology between S1 and S2 (e.g., may indicate significant changes to the cyber-physical state, CPKD 162, CPKD fragment 163, and/or the like). Although particular embodiments for determining error metrics are described herein, the disclosure is not limited in this regard and could be adapted to use any suitable means, technique, and/or mechanism for quantifying error introduced by communication of state keys 160 and/or state key fragments 161 through respective CPC paths 108 of a control system 101, as disclosed herein.

The RS agent 110 may be further configured to determine a cyber-physical health of the control system 101 and/or validate cyber-physical state metadata 111 (and/or portions thereof) based on, inter alia, error metrics 175 determined in response to communicating respective state keys 160, as disclosed herein. As disclosed above, the cyber-physical state metadata 111 used to characterize the cyber-physical state of the control system 101 may be acquired from respective cyber-physical components 102 (e.g., by requesting cyber-physical state information from respective cyber-physical components 102, monitoring communication on the CS network 122, estimating cyber-physical state information, and/or the like). If one or more of the cyber-physical components 102 is compromised, the cyber-physical state information acquired therefrom may be inaccurate (or even adversarial), leading to inaccuracies in the determination, estimation, and/or acquisition of the cyber-physical state of the control system 101 (e.g., an attacker may introduce adversarial cyber-physical state information through a compromised component 102, through the physical environment, via the CS network 122, from an external network, and/or the like). Communication of state keys 160 through respective CPCE 105 and/or CPC paths 108 of the control system 101 may ensure that cyber-physical state information acquired from cyber-physical component(s) 102 thereof is accurate. Although an attacker may be able to emulate and/or “spoof” communication on the CS network 122 (e.g., inject adversarial messages, signals, and/or the like), attackers (and/or cyber-physical components 102 compromised thereby) may be incapable of emulating and/or spoofing communication of state keys 160 (and/or state key fragments 161), as disclosed herein, much less communicating state keys 160 comprising cyber-physical key data 162 that comprises and/or corresponds to context-specific cyber-physical state metadata 111 and/or CPSS 118.
For example, attackers may have no knowledge of thecyber-physical topology 115 and/or cyber-physical state information from which thecyber-physical state metadata 111 and/orCPSS 118 are derived and, as such, may be incapable of emulating communication ofstate keys 160, statekey fragments 161 and/orcorresponding validation data 171, as disclosed herein. Moreover, even if an external attacker were able to capture statekey fragments 161 and/orvalidation data 171 within theCS network 122, the use ofCPKD 162 covering different regions of the control system 101 (e.g., comprising and/or derived from differentcyber-physical state metadata 111 and/orCPSS 118 in accordance with acyber-physical topology 115 and/or signature schema 116), changes to the underlyingcyber-physical state metadata 111 itself (and/or corresponding CPSS 118), the use ofstate keys 160 and/or statekey fragments 161 comprisingCPKD 162 and/orCPKD fragments 163 covering different regions of thecontrol system 101, and communication ofstate keys 160 and/orfragments 161 through different regions of the control system 101 (e.g., communication of statekey fragments 161 by, across, and/or throughphysical process couplings 148 of different CPCE 105) may make it impossible for an attacker to employ such captured data in a replay or similar attack (or use captured data to attempt to reverse engineer state keys and/or statekey fragments 161 for replay). Although an attacker may compromise acyber-physical component 102 of thecontrol system 101, the attacker may be incapable of configuring the compromisedcomponent 102 to properly communicatestate keys 160 and/or statekey fragments 161, as disclosed herein. Furthermore, theRS agent 110 may be capable of operating on relatively simple devices. TheRS agent 110 may be configured to deriveCPSS signatures 118 using low-overhead techniques, which may be capable of operating on rudimentary devices, such as PLC. - The
RS agent 110 may determine cyber-physical health metadata 180 for the control system 101 by use of error metrics 175 pertaining to communication of state keys 160 and/or state key fragments 161 through respective regions of the control system 101. As disclosed above, increasing error metrics 175 may indicate increased error in communication of state keys 160 and/or state key fragments 161 through the control system 101, which increased error may be due to degradation to the cyber and/or physical health of the control system 101. Accordingly, health metrics of the cyber-physical health metadata 180 may be inversely proportional to the error metrics 175 determined by the RS agent 110. In one embodiment, the RS agent 110 may be configured to determine the cyber-physical health metadata 180 based on, inter alia, error metrics 175 of state keys 160 most recently generated and/or communicated through the control system 101. The cyber-physical health metadata 180 may comprise and/or correspond to a state key window (e.g., error metrics of the last N state keys 160). By way of non-limiting example, the RS agent 110 may be configured to calculate health metrics comprising a last N error metrics 175 (e), as follows:

In the expression above, CPH may comprise a cyber-physical health metric, and e_i may comprise error metrics 175 associated with respective state keys 160 of the last N state keys 160.

The
cyber-physical health metadata 180 may further comprise confidence metrics pertaining to the cyber-physical state metadata 111. The cyber-physical health metadata 180 may quantify a confidence that the cyber-physical state metadata 111 accurately reflects the cyber-physical state of the control system 101. As disclosed above, the cyber-physical state metadata 111 may be determined by, inter alia, acquiring cyber-physical state information from respective regions of the control system 101 (e.g., respective cyber-physical components 102, CPCE 105, CPC paths 108, CPCE sections 109, and/or the like). The cyber-physical state information may be acquired from regions through which the RS agent 110 is configured to communicate respective state keys 160 and/or state key fragments 161. Error metrics 175 corresponding to communication of respective state keys 160 and/or state key fragments 161 may, therefore, correspond to error in cyber-physical state information from which the cyber and/or physical state of the control system 101 is acquired (and/or from which the cyber-physical state metadata 111 are determined). The confidence metrics determined by the RS agent 110 may, therefore, be inversely proportional to the error metrics 175, such that increases to the error metrics 175 result in decreased confidence metrics, and vice versa. In some embodiments, the RS agent 110 may determine confidence metrics by use of one or more error metrics 175 (e.g., a last N error metrics 175, as disclosed above).

In some embodiments, the
RS agent 110 may be further configured to associate error metrics 175 with particular regions of the control system 101 (e.g., particular CPCE 105, CPC paths 108, CPCE sections 109, cyber-physical components 102, cyber nodes 124, cyber paths 126, physical process couplings 148, and/or the like). As disclosed above, the error metrics 175 determined in response to communication of state keys 160 (and/or respective state key fragments 161) through respective regions of the control system 101 may indicate an error introduced by communication through the respective regions. The RS agent 110 may be configured to associate error metrics 175 of particular state keys 160 (and/or respective state key fragments 161) with regions of the control system 101 through which the particular state keys 160 (and/or respective key fragments 161) were communicated. The RS agent 110 may be configured to associate key errors 176 with CPCE 105 through which the corresponding state keys 160 were communicated, associate fragment errors 177A-N with CPC paths 108 through which the corresponding state key fragments 161 were communicated, and so on. The RS agent 110 may be configured to determine cyber-physical health metrics 180 corresponding to respective regions of the control system 101 (e.g., respective CPCE 105, CPC paths 108, cyber-physical components 102, and/or the like), which may be based on, inter alia, error metrics 175 associated with the respective regions, as disclosed above.

In some embodiments, the
RS agent 110 may be further configured to associate error metrics 175 with respective portions of the cyber-physical state metadata 111. The RS agent 110 may be configured to associate error metrics 175 of particular state keys 160 (and/or respective state key fragments 161) with portions of the cyber-physical state metadata 111 corresponding to regions of the control system 101 through which the particular state keys 160 (and/or respective key fragments 161) were communicated (e.g., portions of the cyber-physical state metadata 111 corresponding to the CPCE 105, CPC paths 108, CPCE sections 109, cyber-physical components 102, cyber nodes 124, and/or the like, through which the state keys 160 and/or state key fragments 161 were communicated). The RS agent 110 may be further configured to determine confidence metrics for respective portions of the cyber-physical state metadata 111. The confidence metrics may be based on, inter alia, error metrics associated with the respective portions of the cyber-physical state metadata 111, as disclosed herein.

As disclosed above, the
fragments 161 of a state key 160 may be communicated through one or more CPCE 105 (through respective CPC paths 108 of the CPCE 105). The state keys 160 communicated by the RS agent 110 may, therefore, “cover” respective cyber-physical control regions of the control system 101. As used herein, the cyber-physical control region “covered” by a state key 160 (the “region” covered by the state key 160, or “covered region” of the state key 160) refers to the cyber-physical control region of the control system 101 through which the state key 160 (and/or fragments 161 thereof) is communicated. A cyber-physical control region may comprise and/or correspond to one or more CPCE 105 (and/or regions thereof). In some embodiments, the RS agent 110 may configure state keys 160 to cover regions corresponding to the CPKD 162 thereof. Alternatively, the RS agent 110 may configure state keys 160 to cover regions of the control system 101 that may, or may not, correspond to regions covered by the CPKD 162 thereof. The RS agent 110 may select regions to be covered by respective state keys 160 based on any suitable criteria, as disclosed herein, which selection may be independent of the CPKD 162 of the respective state keys 160.

Communicating a
state key 160 through a selected region of the control system 101 may comprise communicating respective fragments 161A-N thereof through respective CPC paths 108 of the region. Communicating a state key fragment 161 through a CPC path 108 may comprise sending the fragment 161 through the cyber section 129 of a CPCE 105 of the region to the physical control section 149 of the CPCE 105, and communicating corresponding validation data 171A-N from the physical control section 149 of the CPCE 105 back through the cyber section 129 of the CPCE 105. Communicating a state key fragment 161 may comprise the RS agent 110: sending the fragment 161 to a selected correlator 166 (through an input cyber path 126), causing the correlator 166 (e.g., a selected actuator device 146) to communicate corresponding validation data 171 to a selected receiver 168 (e.g., a selected sensor device 144) by, across, and/or through a PPV 155 of the CPCE 105, and causing the receiver 168 to return the validation data 171 to the RS agent 110 (through a return cyber path 126). Accordingly, the CPC path 108 through which a state key 160 is communicated, may be represented as follows:

Input Cy-Phy 126 | Physical control coupling 148 | Return Cy-Phy 126
124 . . . | 166 {146} 155 {150, 152} 168 {144} | 124 . . .

The input
cyber path 126 may comprise cyber node(s) 124 through which the RS agent 110 sends the state key fragment 161 to a selected correlator 166 (e.g., actuator device 146) of the physical control coupling 148. The physical control coupling 148 may identify the PPV 155 by, across, and/or through which the correlator 166 transmits corresponding validation data 171 to a selected receiver 168 (e.g., sensor device 144). The return cyber path 126 may comprise cyber node(s) 124 through which the validation data 171 are returned to the RS agent 110. The region covered by a state key 160 may comprise a union of the CPC paths 108 through which respective fragments 161 thereof are communicated (e.g., a union of the CPCE 105 corresponding to the respective CPC paths 108).

As disclosed herein, the
error metrics 175 of a state key 160 may quantify error in the cyber-physical reconstruction of the resulting validation key 170 (and/or cyber-physical reproductions of the resulting validation data 171). The error metrics 175 of a state key 160 that covers a selected region of the control system 101 may, therefore, quantify error introduced by communication by, across, and/or through the selected region. The RS agent 110 may, therefore, be configured to attribute the key error 176 of a state key 160 to the cyber-physical components 102 of the region covered thereby (e.g., determine that one or more cyber-physical components 102 within the region contributed to the resulting key error 176). The RS agent 110 may be further configured to attribute fragment errors 177A-N of the state to cyber-physical components 102 of the CPC paths 108 through which the corresponding fragments 161A-N of the state key 160 were communicated (e.g., determine that one or more cyber-physical components 102 of the respective CPC paths 108 contributed to the corresponding fragment error 177A-N). The RS agent 110 may be configured to record error metrics 175 attributed to respective cyber-physical components 102 (and/or corresponding cyber-physical state metadata 111) in the cyber-physical health metadata 180, as disclosed herein.

In some embodiments, the
RS agent 110 may be further configured to further refine the cyber-physical components 102 to which particular error metrics 175 are attributed by, inter alia, communicating overlapping and/or related state keys 160, and evaluating the resulting error metrics 175 thereof. As disclosed above, state keys 160 (and/or the fragments 161 thereof) may cover respective regions of the control system 101. As used herein, “related” or “overlapping” state keys 160 refer to state keys 160 that cover at least a portion of a designated “overlap region.” As used herein, a “target” or “overlap” region may refer to a cyber-physical control region, as disclosed herein (e.g., may comprise one or more CPCE 105). An overlap region may, therefore, comprise and/or correspond to a group of cyber-physical components 102, CPC paths 108, CPCE sections 109, cyber nodes 124, and/or the like. Overlapping state keys 160 may refer to state keys 160 configured for communication through a same overlap region (e.g., through one or more CPCE 105 of the overlap region). Overlapping state keys 160 may, therefore, refer to state keys 160 configured for communication through overlapping CPC paths 108. As used herein, “related” or “overlapping” CPC paths 108 refer to CPC paths 108 through a same overlap region of the control system 101 (e.g., CPC paths 108 through one or more CPCE 105 of the overlap region). Overlapping CPC paths 108 may correspond to respective cyber paths 126 and/or physical process couplings 148 of the overlap region. For example, first and second CPC paths 108 through a same overlap region may cover respective portions, sections, and/or sub-regions of the overlap region (e.g., may cover respective CPCE 105, CPCE sections 109, cyber paths, and/or physical couplings 148 of the overlap region).
The RS agent 110 may configure overlapping CPC paths 108 to isolate particular regions and/or cyber-physical components 102 (e.g., to differ with respect to inclusion/exclusion of particular cyber-physical components 102 of the overlap region). Overlapping CPC paths 108 configured to isolate particular portions of an overlap region may be referred to herein as “isolation” CPC paths 108. By way of further example, the first and second overlapping CPC paths 108 may comprise isolation CPC paths 108: the first CPC path 108 may include first cyber-physical components 102 that are not included in the second CPC path 108 and/or the second CPC path 108 may include second cyber-physical components 102 that are not included in the first CPC path 108. The RS agent 110 may configure isolation CPC paths 108 to isolate particular cyber-physical regions and/or components 102, which may enable differences in the error metrics 175 thereof to be attributed to the particular cyber-physical regions and/or components 102. The RS agent 110 may be configured to evaluate error metrics 175 of overlapping state keys 160 and/or isolation CPC paths 108 to, inter alia, further refine the cyber-physical components 102 (and/or corresponding cyber-physical state metadata 111) to which error metrics 175 should be attributed. The RS agent 110 may, therefore, determine a cause and/or source of anomalous error metrics 175.

By way of non-limiting example, the
RS agent 110 may communicate a first state key 160A through CPCE 105A, which may correspond to CPCE 105A as illustrated in FIG. 1B. The first state key 160A may, therefore, cover CPCE 105A. Communicating the first state key 160A may comprise communicating respective fragments 161A-N thereof through respective CPC paths 108 of CPCE 105A, acquiring corresponding validation data 171A-N, and determining error metrics 177A-N, as follows:

160A {105A}
CPC path 108 | In. 126 | Physical control coupling 148 | Ret. 126 | Frag. error
108AA | 124A, E | 146A 152A 144A | 124D, B, C, A | 171AA: {161AA} 177AA
. . . | . . . | . . .
108AN | 124A, E | 146B 152B 144B | 124B, A | 171AN: {161AN} 177AN

As indicated above, communication of fragment 161AA may comprise communicating the fragment 161AA through CPC path 108AA, which may comprise: the
RS agent 110 sending the fragment 161AA to a first correlator 166 (actuator device 146A) through an input cyber path 126 comprising cyber nodes actuator device 146A transmitting corresponding validation data 171AA to a first receiver 168 (sensor device 144A) through physical process attribute 152A; and the sensor device 144A returning the validation data 171AA to the RS agent 110 through a first return cyber path 126 comprising cyber nodes 124D, B, C, and A. The resulting fragment error 177AA may quantify an error between the fragment 161AA and the acquired validation data 171AA, as disclosed herein. Communicating fragment 161AN through CPC path 108AN may comprise the RS agent 110: transmitting the fragment 161AN to a second correlator 166 (actuator device 146B) through the input cyber path 126; the actuator device 146B transmitting corresponding validation data 171AN to a second receiver 168 (sensor device 144B) through physical process attribute 152B; and the sensor device 144B returning the validation data 171AN to the RS agent 110 through a second return cyber path 126 comprising cyber nodes

The respective error metrics 177AA-AN may indicate a cyber-physical health of the cyber-physical components of the respective CPC paths 108AA-AN. The error metric 177AA may indicate a cyber-physical health of
cyber nodes 124A-E, sensor device 144A, actuator device 146A, and/or physical process attribute 152A. The error metric 177AN may indicate a cyber-physical health of cyber nodes 124A, B and E, sensor device 144B, actuator device 146B, and/or physical process attribute 152B. Differences between the fragment errors 177AA-AN may be attributed to inclusion and/or exclusion of cyber-physical components 102 in respective CPC paths 108A-N. Differences in the fragment errors 177AA-AN may correspond to differences in a cyber-physical health of one or more of the: cyber node 124C, sensor devices 144A-B, actuator devices 146A-B, physical process attributes 152A-B, and/or the like.

In some embodiments, the
RS agent 110 may be configured to adapt communication of state keys 160 and/or state key fragments 161 to, inter alia, further refine cyber-physical components 102 to which particular error metrics 175 may be attributed (e.g., determine the cause and/or source of anomalous error metrics 175). The adaptations may comprise configuring communication of a series of overlapping state keys 160, which, as disclosed above, may be communicated through a same overlap region of the control system 101. The RS agent 110 may configure communication of the state keys 160 through isolation CPC paths 108 that vary with respect to inclusion/exclusion of particular cyber-physical components 102, such that differences in error metrics 175 thereof may be attributed to the particular cyber-physical components 102 included/excluded in the respective isolation CPC paths 108.

In response to communication of the state key 160A, the
RS agent 110 may adapt communication of a subsequent state key 160B, as disclosed above. The RS agent 110 may configure state key 160B to overlap with state key 160A, which may comprise configuring state key 160B for communication through CPCE 105A. The RS agent 110 may be configured to communicate fragments 161BA-BN through CPC paths 108BA-BN, that may correspond to the same CPCE 105A, but differ from the CPC paths 108AA-AN of state key 160A with respect to inclusion and/or exclusion of particular cyber-physical components 102. The RS agent 110 may be configured to communicate the state key 160B, as follows:

160B {105B}
CPC path 108 | In. 126 | Physical control coupling 148 | Ret. 126 | Frag. error
108BA | 124A, E | 146A 152A 144A | 124D, B, A | 171BA: {161BA} 177BA
. . . | . . . | . . .
108BN | 124A, E | 146B 152B 144A | 124B, A | 171BN: {161BN} 177BN

The error metric 177BA may quantify error introduced during communication of
fragment 161A through CPC path 108BA, which differs from CPC path 108AA with respect to cyber node 124C. The RS agent 110 may configure the fragment 161BA to bypass cyber node 124C, while utilizing the same or similar cyber-physical components 102 of CPC path 108AA. Since CPC paths 108AA and 108BA only differ with respect to cyber node 124C, the RS agent 110 may attribute differences between fragment errors 177AA and 177BA to cyber node 124C. In one embodiment, the fragment error 177AA may be anomalous and, in response, the RS agent 110 may adapt communication of subsequent state keys 160 (e.g., state key 160B) to isolate components of the CPC path 108AA associated with the fragment error 177AA. The RS agent 110 may determine that the fragment error 171BA is nominal and, since the CPC path 108BA differs from the CPC path 108AA associated with the anomalous fragment error 177AA by inclusion of cyber node 124C, the RS agent 110 may determine that cyber node 124C was the source and/or cause of the anomaly (e.g., the cyber node 124C may be compromised and/or subject to cyber-attack). The RS agent 110 may be further configured to communicate subsequent state keys 160 to verify that cyber node 124C is the source of the anomaly (e.g., by communicating subsequent state keys 160 through paths that differ with respect to their inclusion of cyber node 124C, and comparing the resulting error metrics 175).

As illustrated above, the
RS agent 110 may configure the CPC path 108BN, through which state key fragment 161BN is communicated, to isolate one or more cyber-physical components 102 of CPC path 108AN. The RS agent 110 may adapt the CPC path 108BN of the subsequent state key 160B in order to, inter alia, refine the cyber-physical components 102 to which the resulting fragment errors 177AN and/or 177BN may be attributed, as disclosed above. The RS agent 110 may configure the CPC path 108BN to differ from CPC path 108AN with respect to selected cyber-physical components 102. The CPC path 108BN may differ from the CPC path 108AN with respect to the physical couplings 148 thereof. The physical coupling of CPC path 108BN may comprise transmitting validation data 171BN from the actuator device 146B to sensor device 144A (rather than to sensor device 144B, as in CPC path 108AN). The RS agent 110 may, therefore, determine that differences between fragment errors 177AN and 177BN may be attributed to communication through the physical control coupling 148 comprising actuator device 146B and sensor device(s) 144A or 144B. The RS agent 110 may further determine that a cause and/or source of a higher fragment error 177AN as compared to 177BN is sensor device 144B, and a cause and/or source of a higher fragment error 177BN compared to 177AN is sensor device 144A.

In some embodiments, the
RS agent 110 may be further configured to detect high error metrics 175 and, in response, configure communication of subsequent state keys 160 and/or state key fragments 161 to, inter alia, determine a source and/or cause thereof. In response to detecting high error metrics 175 (e.g., error metrics 175 that exceed one or more error thresholds), the RS agent 110 may be configured to determine an “error region,” which may comprise region(s) of the control system 101 covered by the state keys 160 having the high error metrics 175. The RS agent 110 may be further configured to identify cyber-physical components 102 included in the determined error region, which may be potential causes of the high error metrics 175. The RS agent 110 may be configured to maintain a group comprising cyber-physical components 102 that are potential causes of the high error metric 175 (an “error group”), which may initially comprise the identified cyber-physical components 102. The RS agent 110 may, therefore, initially attribute the high error metrics 175 to cyber-physical components 102 within the error group. In some embodiments, the RS agent 110 may be further configured to determine and/or refine the cause and/or source of error metrics 175, which may comprise excluding cyber-physical components 102 as potential causes of high error metrics 175 (e.g., refining the error group and/or error region), determining anomaly weights for the identified cyber-physical components 102, the anomaly weights indicating a likelihood that respective cyber-physical components 102 are a cause of the high error metrics 175, determining error weights for the identified cyber-physical components 102, the error weights indicating error metrics 175 attributable to respective cyber-physical components 102, and/or the like.
The RS agent 110 may be configured to communicate overlapping state keys 160, evaluate error metrics 175 of the overlapping state keys 160, and determine and/or refine the cause of error metrics 175 based on the evaluation.

The
RS agent 110 may be configured to adapt communication of state keys 160 in accordance with a cyber-physical isolation scheme. Implementing a cyber-physical isolation scheme may comprise the RS agent 110 configuring overlapping state keys 160 to isolate selected cyber regions in a cyber isolation scheme (e.g., isolating cyber components 120, cyber nodes 124, and/or the like). The RS agent 110 may communicate overlapping state keys 160 through isolation CPC paths 108 having same or similar computational and/or physical components 130/140 (same or similar physical process couplings 148), while varying selected portions of the cyber regions thereof (e.g., varying cyber paths 126 thereof). The RS agent 110 may communicate fragments 161 of the overlapping state keys 160 to the same or similar correlators 166, and/or acquire validation data 171 from the same or similar receivers 168. Implementing a cyber isolation scheme may further comprise the RS agent 110 modifying cyber paths 126 of respective state key fragments 161 (and/or corresponding validation data 171) to include and/or omit selected cyber regions, such that communication of the overlapping state keys 160 and/or fragments 161 cover different cyber regions within the overlap region. The RS agent 110 may be further configured to evaluate error metrics 175 of the overlapping state keys 160 (and/or state key fragments 161), detect changes in the error metrics 175, and attribute the detected changes to particular cyber regions (in accordance with differences between the cyber components 120 included and/or omitted in the respective isolation CPC paths 108).
Implementing a cyber-physical isolation scheme may further comprise the RS agent isolating physical control regions in a physical isolation scheme (e.g., isolating computational and/or physical components 130/140), which may comprise the RS agent 110 communicating overlapping state keys 160 through isolation CPC paths 108 having same or similar cyber regions (e.g., cyber paths 126), while varying the physical control regions thereof (e.g., varying the computational and/or physical components 130/140, and/or physical couplings 148 through which state key fragments 161 are transmitted and/or corresponding validation data 171 are received). Implementing a physical isolation scheme may comprise the RS agent 110 communicating state key fragments 161 of the overlapping state keys 160 through the same or similar cyber paths 126, while modifying the physical control regions to include and/or exclude selected physical components 140 and/or communicate validation data 171 by, across, and/or through different physical processes 150 and/or physical process attributes 152. The RS agent 110 may be further configured to evaluate error metrics 175 of the overlapping state keys 160, detect changes in the error metrics 175, and attribute the detected changes to particular computational and/or physical components 130/140 (in accordance with the components 130/140 included in and/or excluded from the respective isolation CPC paths 108).

In one embodiment, the
RS agent 110 may detect a state key 160 having an anomalous error metric 175 and, in response, may adapt one or more subsequent state keys 160 to overlap with the region covered thereby (e.g., may generate state keys 160 that overlap the region covered by state key 160 having the anomalous error metric 175). The RS agent 110 may communicate the overlapping state keys 160 through isolation paths 108 that, as disclosed above, may vary with respect to inclusion and/or exclusion of particular cyber-physical components 102. The RS agent 110 may configure the isolation paths 108 in accordance with a cyber and/or physical isolation scheme, as disclosed above. The RS agent 110 may evaluate error metrics 175 of the overlapping state keys 160. In response to an overlapping state key 160 having low error metrics 175, the RS agent 110 may indicate that cyber-physical components 102 covered thereby may be excluded as potential causes of the anomalous error metric 175 (may be removed from the error group and/or region). In response to an overlapping state key 160 having a high error metric 175, the RS agent 110 may indicate that cyber-physical components 102 covered thereby, that have not already been excluded as potential causes of the anomaly, may be retained as a potential cause of the anomaly. The RS agent 110 may continue adapting communication of subsequent state keys 160 to further refine the potential causes of the anomaly, which may comprise communicating the subsequent state keys 160 through isolation CPCE paths 108 configured to selectively include and/or exclude cyber-physical components 102 remaining in the error group and/or region. The RS agent 110 may continue iteratively adapting communication of subsequent state keys 160 until the cause of the anomaly is determined, no further refinement is possible (per the cyber-physical topology 115 of the control system 101), and/or another termination criterion is satisfied.

Although particular examples of modifications to communication of
state keys 160 and/or state key fragments 161 are described herein, the disclosure is not limited in this regard and may be adapted to utilize any suitable modifications and/or adaptations to the communication of the state keys 160, state key fragments 161, and/or the like, to determine, indicate, and/or isolate cyber-physical components 102, cyber nodes 124, cyber paths 126, and/or physical process couplings 148 of the control system 101 such that error metrics 175 (and/or portions thereof) may be attributed thereto.

In some embodiments, in response to detection of an
anomalous metric 175, the RS agent 110 may be configured to: identify cyber-physical components 102 that are potential causes of the anomaly, and determine anomaly weights for the identified cyber-physical components 102, the anomaly weights indicating a likelihood that respective cyber-physical components 102 are a cause of the anomaly. The identified cyber-physical components 102 may comprise cyber-physical components 102 covered by the state key 160 having the anomalous error metric 175. The RS agent 110 may be configured to assign initial anomaly weights to each identified cyber-physical component 102, communicate overlapping state keys 160 through isolation CPC paths 108 (according to a cyber and/or physical isolation scheme, as disclosed above), and adjust the anomaly weights of respective cyber-physical components 102 based on the error metrics 175 determined in response to communication of the overlapping state keys 160 through the respective CPC paths 108. The RS agent 110 may be configured to increase the anomaly weights of cyber-physical components 102 covered by overlapping state keys 160 having higher error metrics 175, and decrease the anomaly weights of cyber-physical components 102 covered by overlapping state keys 160 having lower error metrics 175. Alternatively, or in addition, the RS agent 110 may be configured to increase the anomaly weights of cyber-physical components 102 included in isolation CPC paths 108 associated with higher fragment errors 177, and decrease the anomaly weights of cyber-physical components 102 included in isolation CPC paths 108 associated with lower fragment errors 177.
The RS agent 110 may continue iteratively refining the anomaly weights of the identified cyber-physical components 102 until a termination criterion is satisfied (e.g., until the anomaly weights have converged, the anomaly weights of respective cyber-physical components 102 diverge sufficiently to enable the cause of the anomalous error metrics 175 to be determined, no further refinement is possible, and/or another criterion is satisfied).

In some embodiments, the
RS agent 110 may be configured to determine error weights for cyber-physical components 102 within particular regions of the control system 101. The RS agent 110 may configure a series of state keys 160 for communication through a specified region of the control system 101, the specified region comprising one or more CPCE 105 (e.g., a series of overlapping state keys 160). The RS agent 110 may be further configured to communicate the series of overlapping state keys 160 (and/or fragments 161 thereof) through respective isolation CPC paths 108, and may configure the isolation CPC paths 108 to selectively include and/or exclude particular cyber-physical components 102.

In some embodiments, the
RS agent 110 may compare error metrics 175 of respective overlapping state keys 160 (and/or respective isolation CPC paths 108). The comparing may comprise detecting deltas between the error metrics 175 (error metric Δ values). In response to detecting an error metric Δ that exceeds an error Δ threshold, the RS agent 110 may be configured to adapt subsequent state keys 160 to determine a cause and/or source of the error metric Δ (e.g., by identifying cyber-physical components 102 that are potential causes of the error metric Δ, and implementing cyber and/or physical isolation scheme(s) to refine and/or weight the identified cyber-physical components 102 as potential sources of the error metric Δ, as disclosed herein). In some embodiments, the RS agent 110 may configure a series of state keys 160 for communication through a specified overlap region. The RS agent 110 may configure the overlapping state keys 160 for communication through respective isolation CPC paths 108 (e.g., in accordance with a cyber-physical isolation scheme, as disclosed herein). The RS agent 110 may be configured to determine error weights for respective cyber-physical components 102 within the specified region based on, inter alia, error metrics 175 of the series of overlapping state keys 160. The RS agent 110 may be configured to determine error weights for respective cyber-physical components 102 within a specified region by, inter alia: assigning an initial error weight to each cyber-physical component 102 within the specified region (and/or assigning previously determined error weights thereof), communicating a series of overlapping state keys 160 through respective isolation CPC paths 108 of the specified region, evaluating error metrics 175 of the series of state keys 160, and adjusting the error weights assigned to the respective cyber-physical components 102 in accordance with the resulting error metrics 175.
The RS agent 110 may be configured to increase the error weights of cyber-physical components 102 covered by state keys 160 having higher error metrics 175, and decrease the error weights of cyber-physical components 102 covered by state keys 160 having lower error metrics 175. Alternatively, or in addition, the RS agent 110 may be configured to increase the error weights of cyber-physical components 102 included in isolation CPC paths 108 having higher fragment errors 177, and decrease the error weights of cyber-physical components 102 included in isolation CPC paths 108 having lower fragment errors 177. The RS agent 110 may continue iteratively refining the error weights until a termination criterion is satisfied, as disclosed herein.

The
RS agent 110 may determine cyber-physical health metadata 180 for the control system 101 based on, inter alia, the error metrics 175 determined for state keys 160 communicated through the control system 101, as disclosed herein. The RS agent 110 may be further configured to determine cyber-physical health metrics for respective regions of the control system 101 based on, inter alia, error metrics 175 corresponding to state keys 160 that cover the respective regions. The RS agent 110 may determine cyber-physical health metrics for respective CPCE 105 of the control system 101 based on, inter alia, error metrics 175 of state keys 160 that cover the respective CPCE 105. The RS agent 110 may be further configured to determine cyber-physical health metrics for respective CPC paths 108, which may be based on, inter alia, error metrics 175 corresponding to communication of state keys 160 (and/or state key fragments 161) through the respective CPC paths 108 (e.g., fragment errors 177). The RS agent 110 may be further configured to determine cyber-physical health metrics for particular cyber-physical components 102 (e.g., groups of one or more cyber-physical components 102, CPCE sections 109, and/or the like) based on, inter alia, error metrics of state keys 160 and/or state key fragments 161 by, across, and/or through the particular cyber-physical components 102. The RS agent 110 may be further configured to determine cyber-physical health metrics for particular cyber-physical components 102 (and/or groups thereof) based on, inter alia, anomalies attributed thereto, anomaly weights and/or error weights determined therefor, and/or the like, as disclosed herein. The RS agent 110 may be further configured to determine confidence metrics pertaining to the cyber-physical state metadata 111 (and/or respective thereof). The confidence metrics may be based on, inter alia, the error metrics 175 determined for state keys 160 communicated through the control system 101, as disclosed herein.
The RS agent 110 may be further configured to determine confidence metrics for cyber-physical state metadata 111 corresponding to respective CPCE 105, CPC paths 108, CPCE sections 109, cyber-physical components 102, and/or the like, based on, inter alia, the error metrics 175, anomalies attributed thereto, anomaly weights, and/or error weights, as disclosed above. The RS agent 110 may be further configured to determine and/or monitor cyber-physical health of the control system 101 (and respective regions thereof), which may comprise determining cyber health metrics 282 and physical health metrics 284. The cyber health metrics 282 may be configured to indicate a cyber health of the control system 101 (and/or respective regions thereof). The cyber health metrics 282 may indicate a health of cyber communication within the control system 101, a health of the CS network 122 (and/or respective portions thereof), a health of respective cyber components 120, a health of respective cyber nodes 124, and/or the like. The cyber health metrics 282 may be based on, inter alia, error metrics 175 of state keys 160 communicated through CPC paths 108 of the control system 101 (e.g., error metrics 175 for state keys 160 communicated through respective cyber components 120, cyber nodes 124, portions of the CS network 122, and/or the like, as disclosed herein). The cyber health metrics 282 may further incorporate confidence metrics determined for the cyber state metadata 220 (and/or portions thereof), as disclosed herein.

The
physical health metrics 284 may be configured to indicate a physical health of the control system 101 (and/or respective regions thereof). The physical health metrics 284 may indicate a health of respective CPCE 105, CPC paths 108, computational components 130, physical components 140, physical control couplings 148, PPV 155, and/or the like. The physical health metrics 284 may be based on, inter alia, error metrics 175 of state keys 160 communicated through physical control sections 149 of respective CPCE 105 of the control system 101 (e.g., error metrics 175 for validation data 171 communicated by, across, and/or through physical control couplings 148 of the control system 101, as disclosed herein). The physical health metrics 284 may further incorporate confidence metrics determined for the cyber state metadata 220 (and/or portions thereof), as disclosed herein.
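The error-weight refinement described above (initial weights, overlapping state keys sent over isolation CPC paths, weights raised or lowered by the resulting error metrics, repeated until a termination criterion holds) can be sketched as follows. This is an added example, not code from the patent: the component names, corruption rates, mean-centred update rule, learning rate and stopping criterion are all assumptions chosen for illustration.

```python
from typing import Callable, Dict, FrozenSet, List, Sequence, Tuple

Path = FrozenSet[str]

# Constructed sample topology, loosely following the page's CPCE 105A
# (controller 132, sensor devices 144A-B, actuator devices 146A-B).
COMPONENTS = ["controller_132", "sensor_144A", "sensor_144B",
              "actuator_146A", "actuator_146B"]

# Overlapping isolation paths: each one selectively includes or excludes
# a sensor and an actuator, so every component is covered by several keys.
ISOLATION_PATHS: List[Path] = [
    frozenset({"controller_132", "actuator_146A", "sensor_144A"}),
    frozenset({"controller_132", "actuator_146A", "sensor_144B"}),
    frozenset({"controller_132", "actuator_146B", "sensor_144A"}),
    frozenset({"controller_132", "actuator_146B", "sensor_144B"}),
]

# Constructed per-component corruption rates (assumption): one actuator
# corrupts 40% of the key data it relays, everything else 1%.
CORRUPTION_RATE = {name: 0.01 for name in COMPONENTS}
CORRUPTION_RATE["actuator_146A"] = 0.40


def simulated_error_metric(path: Path) -> float:
    """Stand-in for sending a state key through `path` and comparing the
    validation key with it: the expected fraction of corrupted key data."""
    intact = 1.0
    for name in sorted(path):
        intact *= 1.0 - CORRUPTION_RATE[name]
    return 1.0 - intact


def error_delta_exceeded(metrics: Sequence[float], delta_threshold: float) -> bool:
    """True when the spread between overlapping keys' error metrics is large
    enough to justify isolating a cause (the error metric delta check)."""
    return max(metrics) - min(metrics) > delta_threshold


def refine_error_weights(components: Sequence[str], paths: Sequence[Path],
                         send_key: Callable[[Path], float],
                         initial_weight: float = 0.5, rate: float = 0.5,
                         epsilon: float = 1e-3, max_rounds: int = 50
                         ) -> Tuple[Dict[str, float], int]:
    """Iteratively adjust per-component error weights.

    Each round sends one key per isolation path. Components on paths whose
    error metric is above the round's mean gain weight; components on paths
    below the mean lose weight. Weights are clamped to [0, 1]. Stops when
    no weight moves by more than `epsilon` (assumed termination criterion).
    """
    weights = {name: initial_weight for name in components}
    rounds = 0
    for rounds in range(1, max_rounds + 1):
        metrics = [send_key(path) for path in paths]
        baseline = sum(metrics) / len(metrics)
        adjustment = {name: 0.0 for name in components}
        for path, metric in zip(paths, metrics):
            for name in path:
                adjustment[name] += rate * (metric - baseline)
        largest_change = 0.0
        for name in components:
            updated = min(1.0, max(0.0, weights[name] + adjustment[name]))
            largest_change = max(largest_change, abs(updated - weights[name]))
            weights[name] = updated
        if largest_change < epsilon:
            break
    return weights, rounds


def ranked_suspects(weights: Dict[str, float]) -> List[str]:
    """Components ordered from most to least likely source of the error."""
    return sorted(weights, key=lambda name: (-weights[name], name))


if __name__ == "__main__":
    first_round = [simulated_error_metric(p) for p in ISOLATION_PATHS]
    if error_delta_exceeded(first_round, delta_threshold=0.10):
        final, used = refine_error_weights(COMPONENTS, ISOLATION_PATHS,
                                           simulated_error_metric)
        print(used, ranked_suspects(final), final)
```

Components that sit on both high-error and low-error paths (here the controller and both sensors) keep their initial weight, which is why the paths have to overlap: a component that only ever appears alongside the faulty one cannot be told apart from it.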
FIG. 4 depicts embodiments of cyber-physical health metadata 180, as disclosed herein. In the FIG. 4 embodiment, the cyber-physical health metadata 180 may be included in the cyber-physical topology 115 and/or signature schema 116. The cyber-physical health metadata 180 maintained by the RS agent 110 may comprise cyber health metadata 182 and physical health metadata 184. The RS agent 110 may be configured to maintain cyber health metadata 182 and/or physical health metadata 184 corresponding to respective portions of the control system 101 as illustrated in FIG. 1B. The RS agent 110 may be configured to determine cyber and/or physical health metadata for CPCE 105A and/or respective portions thereof. The RS agent 110 may be configured to determine cyber health metadata 182 pertaining to respective regions of the cyber section 129A of CPCE 105A (respective cyber regions, such as respective cyber components 120, cyber nodes 124, cyber paths 126, and/or the like).

The
cyber health metadata 182 may comprise information pertaining to the cyber health of the control system 101 (and/or respective regions thereof), as disclosed herein. The cyber health metadata 182 may comprise one or more cyber health parameters 181, which may include, but are not limited to: error parameters 181A, confidence parameters 181B, state parameters 181N, and/or the like. The error parameters 181A may comprise information pertaining to error metrics 175 associated with communication of state keys 160 (and/or state key fragments 161) by, across, and/or through respective cyber regions of the control system 101 (e.g., respective cyber components 120, cyber nodes 124, cyber paths 126, cyber sections 129, and/or the like). The error parameters 181A may comprise a distribution of error metrics 175 (e.g., average, mean, minimum, maximum, variance, deviation, and/or the like), an age of the error metrics 175 (e.g., a time since error metrics 175 corresponding to the cyber region were acquired by the RS agent 110), error metrics 175 and/or weights attributed to respective cyber regions (e.g., error weights determined for respective cyber region), anomalies attributed to respective cyber regions (e.g., anomaly weights determined for respective cyber regions), and/or the like. The confidence parameters 181B may indicate a confidence in cyber state metadata 220 pertaining to respective cyber regions. The confidence parameters 181B may quantify a confidence that the cyber state metadata 220 corresponding to respective cyber regions accurately represents the cyber states thereof. The confidence parameters 181B may be based on, inter alia, the error parameters 181A of the cyber health metadata 182, as disclosed herein. The state parameters 181N may indicate a health of the cyber state of the control system 101 (and/or respective cyber regions thereof). The state parameters 181N may be based on the error and/or confidence parameters 181A/181B.
Alternatively, or in addition, the state parameters 181N may be determined by, inter alia, comparing a cyber state of the control system 101 (e.g., the cyber state metadata 220 and/or respective portions thereof) to predetermined cyber behaviors (e.g., cyber state baselines, cyber state profiles, and/or the like, as disclosed in further detail herein). The state parameters 181N may indicate a degree to which the cyber state of the control system 101 (and/or respective cyber regions thereof) correspond to “healthy” cyber states and/or behaviors. Alternatively, or in addition, the state parameters 181N may indicate a degree to which the cyber state of the control system 101 (and/or respective cyber regions thereof) correspond to “unhealthy” cyber states and/or behaviors. Determining the state parameters 181N may comprise comparing cyber state metadata 220 to corresponding cyber state characteristics corresponding to respective “healthy” and/or “unhealthy” cyber behaviors (e.g., “healthy” and/or “unhealthy” cyber state baselines 552, as disclosed in further detail herein). The state parameters 181N may, therefore, indicate whether the cyber state of the control system 101 (as indicated by the cyber state metadata 220) corresponds to “healthy” cyber behavior or to “unhealthy” cyber behavior indicative of cyber-attack, cyber compromise, and/or the like. The cyber health metadata 182 may further comprise one or more cyber health metrics 282, which may be configured to quantify a cyber health of the control system 101 (and/or respective cyber regions thereof). The cyber health metrics 282 may be based on, inter alia, health parameters 181A-N of the cyber health metadata 182, as disclosed herein. The cyber health metrics 282 may be inversely proportional to the error parameters 181A and/or proportional to the confidence parameters 181B.
Alternatively, or in addition, the cyber health metrics 282 may be inversely proportional to error, differences, and/or distances between the cyber state metadata 220 and “healthy” cyber behaviors and/or proportional to error, differences, and/or distances between the cyber state metadata 220 and “unhealthy” cyber behaviors (as indicated by the state parameters 181N).

The
physical health metadata 184 may comprise information pertaining to the physical health of the control system 101 (and/or respective regions thereof), as disclosed herein. The physical health metadata 184 may comprise one or more physical health parameters 183, which may include, but are not limited to: error parameters 183A, confidence parameters 183B, state parameters 183N, and/or the like, as disclosed herein. The error parameters 183A may comprise information pertaining to error metrics 175 associated with communication of state keys 160 (and/or state key fragments 161) by, across, and/or through respective physical control regions of the control system 101 (e.g., through respective physical control sections 149). The error parameters 183A of the physical may comprise a distribution of error metrics 175 (e.g., average, mean, minimum, maximum, variance, deviation, and/or the like), an age of the error metrics 175 (e.g., a time since error metrics 175 corresponding to the physical region were acquired by the RS agent 110), error metrics 175 and/or weights attributed to respective physical control regions (e.g., error weights determined for respective physical control regions), anomalies attributed to respective physical control regions (e.g., anomaly weights determined for respective physical regions), and/or the like. The confidence parameters 183B may indicate a confidence in physical state metadata 240 pertaining to respective physical control regions. The confidence parameters 183B may quantify a confidence that the physical state metadata 240 corresponding to respective physical control regions accurately represents the physical states thereof. The confidence parameters 183B may be based on, inter alia, the error parameters 183A of the physical health metadata 184, as disclosed herein. The state parameters 183N may indicate a health of the physical state of the control system 101 (and/or respective physical control regions thereof).
The state parameters 183N may be based on the error and/or confidence parameters 183A/183B. Alternatively, or in addition, the state parameters 183N may be determined by, inter alia, comparing a physical state of the control system 101 (e.g., the physical state metadata 240 and/or respective portions thereof) to predetermined physical control behaviors (e.g., physical state baselines, physical state profiles, and/or the like, as disclosed in further detail herein). The state parameters 183N may indicate a degree to which the physical state of the control system 101 (and/or respective physical control regions thereof) correspond to “healthy” physical states and/or behaviors. Alternatively, or in addition, the state parameters 183N may indicate a degree to which the physical state of the control system 101 (and/or respective physical control regions thereof) correspond to “unhealthy” physical behaviors. Determining the state parameters 183N may comprise comparing physical state metadata 240 to corresponding physical state characteristics corresponding to respective “healthy” and/or “unhealthy” physical states and/or behaviors (e.g., “healthy” and/or “unhealthy” physical state baselines 554, as disclosed in further detail herein). The state parameters 183N may, therefore, indicate whether the physical state of the control system 101 (as indicated by the physical state metadata 220) corresponds to “healthy” physical behavior or to physical behavior indicative of a component attack, a physical attack, compromise of computational and/or physical components 130/140, a physical failure mode, and/or the like. The physical health metadata 184 may further comprise one or more physical health metrics 284, which may be configured to quantify a physical health of the control system 101 (and/or respective physical regions thereof). The physical health metrics 284 may be based on, inter alia, physical health parameters 183A-N, as disclosed herein.
The physical health metrics 284 may be inversely proportional to the error parameters 183A and/or proportional to the confidence parameters 183B. Alternatively, or in addition, the physical health metrics 284 may be inversely proportional to error, differences, and/or distances between the physical state metadata 240 and “healthy” physical behaviors and/or proportional to error, differences, and/or distances between the physical state metadata 240 and “unhealthy” physical behaviors (as indicated by the state parameters 183N).

As illustrated in
FIG. 4, the RS agent 110 may be configured to maintain a cyber health metadata 182 (and cyber health metrics 282) pertaining to the control system 101 (and/or respective cyber regions thereof). The RS agent 110 may be configured to determine and/or maintain a plurality of cyber health metadata 182A-N (and corresponding cyber health metrics 282), including cyber health metadata 182A-E pertaining to the health of cyber regions comprising respective cyber nodes 124A-E of CPCE 105A (and corresponding cyber state metadata 220A-E), cyber health metadata 182F-H pertaining to the health of cyber regions corresponding to respective cyber paths 126 of CPCE 105A (and corresponding cyber state metadata 220A-C, 220A-D, and 220A-E, respectively), and a cyber health metadata 182L pertaining to the health of the cyber section 129 of CPCE 105A (and corresponding cyber state metadata 220A-E). The RS agent 110 may be further configured to determine cyber health metadata 182N pertaining to substantially all of the cyber components 120 of the control system 101 (and corresponding to substantially all of the cyber state metadata 220A-N).

The
RS agent 110 may be further configured to maintain physical health metadata 184 (and physical health metrics 284) pertaining to the control system 101 (e.g., respective physical control regions thereof). FIG. 4 illustrates embodiments of physical health metadata 184 pertaining to CPCE 105A, including: physical health metadata 184A-E pertaining to sensor devices 144A-B and actuator devices 146A-B, respectively (and corresponding physical state metadata 240A-D); physical health metadata 184E pertaining to the controller 132 (and corresponding physical state metadata 240E); physical health metadata 184F pertaining to the health of physical components 140 of CPCE 105A (e.g., sensor and actuator devices 144A-B/146A-B, and corresponding physical state metadata 240A-D); and physical state metadata 184G pertaining to physical control section 149A (e.g., the controller 132, sensor devices 144A-B, actuator devices 146A-B, PPV 155A, and corresponding physical state metadata 240A-E). The RS agent 110 may be further configured to determine physical health metadata 184N pertaining to substantially all of the computational and/or physical components 130/140 of the control system 101, and which may correspond to substantially all of the physical state metadata 240A-N.

Referring back to
FIG. 2, the RS agent 110 may be further configured to implement mitigation operations based on and/or in response to the error metrics 175, the determined cyber-physical health metadata 180, cyber health metadata 182, cyber health metrics 282, physical health metadata 184, physical health metrics 284, and/or the like. The mitigation operations may include, but are not limited to: providing access to the cyber-physical state of the control system 101 (and/or respective regions thereof), providing access to the cyber state metadata 220 (and/or respective portions thereof), providing access to the physical state metadata 240 (and/or respective portions thereof), providing access to the error metrics 175 determined by the RS agent 110, providing access to the cyber-physical health metadata 180 determined by the RS agent 110 (and/or respective portions thereof), providing access to cyber health metadata 182 and/or cyber health metrics 282 determined by the RS agent 110, providing access to physical health metadata 184 and/or physical health metrics 284 determined by the RS agent 110, and/or the like. Providing access may comprise generating notifications pertaining to one or more of the: cyber-physical state of the control system 101, cyber-physical state metadata 111, cyber state metadata 220, physical state metadata 240, cyber-physical health metadata 180, cyber health metadata 182, cyber health metrics 282, physical health metadata 184, physical health metrics 284, and/or the like. Generating notifications may comprise sending notifications to one or more users and/or end-points within the CS network 122 and/or one or more external networks (e.g., computing devices, RTU, HMI devices, automation controllers 134, and/or the like).

The mitigation operations may comprise generating notifications in response to
error metrics 175 that exceed one or more error thresholds. Generating notifications pertaining to an error metric 175 that exceeds a determined error threshold and/or an anomalous error metric 175, may comprise generating a notification identifying the error metric 175, a CPCE 105 associated with the error metric 175, the cyber-physical component(s) 102 identified as the cause and/or source of the error metric 175, cyber-physical components 102 identified as potential causes and/or sources of the error metric 175 (and/or respective weights assigned thereof), and/or the like. Generating notifications pertaining to a cyber and/or physical confidence metric may comprise generating a notification identifying the confidence metric, a CPCE 105 associated with the confidence metric, cyber-physical state metadata 111 corresponding to the confidence metric, cyber-physical components 102 associated with the cyber-physical state metadata 111, and/or the like.

The mitigation operations may comprise generating notifications in response to
cyber health metadata 182, cyber health parameters 181, and/or cyber health metrics 282 failing to satisfy one or more cyber health thresholds. Alternatively, or in addition, the mitigation operations may comprise generating notifications in response to determining that the cyber state of the control system 101 (and/or a region thereof) corresponds to particular cyber behaviors (e.g., “healthy” cyber behavior, “unhealthy” cyber behavior, or the like as indicated by state metrics 181N of the cyber health metadata 184, as disclosed herein). Generating notifications pertaining to cyber health metrics 282 may comprise generating a notification identifying the cyber health metrics 282, a cyber region corresponding to the cyber health metrics 282 (e.g., cyber components 120, cyber nodes 124, CPCE 105, and/or the like), cyber behavior associated with the cyber health metrics 282 (e.g., “healthy” or “unhealthy” cyber behavior corresponding to the cyber health metrics 282), and/or the like.

The mitigation operations may comprise generating notifications in response to
physical health metadata 184, physical health parameters 181, and/or physical health metrics 284 failing to satisfy one or more physical health thresholds. Alternatively, or in addition, the mitigation operations may comprise generating notifications in response to determining that the physical state of the control system 101 (and/or a region thereof) corresponds to particular physical behaviors (e.g., “healthy” physical behavior, “unhealthy” physical behavior, or the like as indicated by state metrics 181N of the physical health metadata 184, as disclosed herein). Generating notifications pertaining to physical health metrics 284 may comprise generating a notification identifying the physical health metrics 284, a physical control region corresponding to the physical health metrics 284 (e.g., computational components 130, physical components 140, CPCE 105, and/or the like), physical behavior associated with the physical health metrics 284 (e.g., “healthy” or “unhealthy” physical behavior corresponding to the physical health metrics 284), and/or the like.

The mitigation operations may comprise operations to modify
CPCE 105, CPC paths 108, respective cyber-physical components 102, and/or the like. The mitigation operations may comprise modifying CPCE 105 associated with high error metrics 175, anomalies, poor cyber health metrics 282, poor physical health metrics 284, “unhealthy” cyber behavior, “unhealthy” physical behavior, and/or the like. The mitigation operations may comprise slowing control function(s) of respective CPCE 105, halting control function(s) of the CPCE 105, modifying the control function(s) of the CPCE 105 (e.g., implementing a “safe mode” of the CPCE 105), isolating the CPCE 105 from other CPCE 105 of the control system 101, isolating cyber-physical components 102 of the CPCE 105 from other cyber-physical components 102 of the control system 101, and/or the like. The RS agent 110 may implement mitigation operations in accordance with the security policy 211. The security policy 211 may be maintained within memory and/or storage resources of the RS agent 110 (e.g., in volatile memory, non-volatile memory, non-transitory storage, and/or the like). Alternatively, or in addition, the RS agent 110 may be communicatively coupled to the security policy 211 maintained within memory and/or storage resources of another cyber-physical component 102 of the control system 101. The security policy 211 may define triggers for respective mitigation operations, as disclosed herein (e.g., may define error thresholds, health thresholds, confidence thresholds, and/or the like). The security policy 211 may further comprise information pertaining to notifications (e.g., specify contents of the notifications, recipients and/or end points for the notifications, and/or the like). The security policy 211 may further define mitigation operations to implement in response to particular error metrics 211, health metrics, confidence metrics, and/or the like.
The security policy 211 may specify modifications to respective CPCE 105, control functions, the cyber-physical topology 115 (to isolate respective CPCE 105 and/or cyber-physical components 102), and/or the like.
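The health parameters described earlier (error distribution, age of the error metrics, confidence, and a health metric that falls with error and rises with confidence) and the policy-defined triggers for mitigation operations can be combined as in the following added example, which is not code from the patent. The formulas, threshold values, operation labels and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pvariance
from typing import List, Sequence, Tuple

Sample = Tuple[float, float]  # (acquisition time in seconds, error metric 0..1)


@dataclass(frozen=True)
class HealthMetadata:
    region: str
    error_mean: float
    error_max: float
    error_variance: float
    age_s: float        # time since the newest error metric was acquired
    confidence: float   # 0..1, trust that state metadata reflects the region
    health: float       # 0..1, falls with error, rises with confidence


@dataclass(frozen=True)
class SecurityPolicy:
    # Assumed trigger values; a real policy would be tuned per region.
    error_threshold: float = 0.10
    confidence_threshold: float = 0.50
    health_threshold: float = 0.40
    isolate_threshold: float = 0.15
    stale_after_s: float = 30.0


def build_health_metadata(region: str, samples: Sequence[Sample], now: float,
                          policy: SecurityPolicy) -> HealthMetadata:
    """Summarise the error metrics of state keys that covered `region`."""
    if not samples:
        # No state key has covered the region: nothing supports its state.
        return HealthMetadata(region, 0.0, 0.0, 0.0, float("inf"), 0.0, 0.0)
    errors = [error for _, error in samples]
    age = now - max(stamp for stamp, _ in samples)
    # Old error metrics say little about the present, so confidence decays
    # linearly to zero at stale_after_s (assumed decay model).
    freshness = max(0.0, 1.0 - age / policy.stale_after_s)
    err_mean = mean(errors)
    confidence = freshness * (1.0 - err_mean)
    health = confidence / (1.0 + 10.0 * err_mean)  # assumed gain of 10
    return HealthMetadata(region, err_mean, max(errors), pvariance(errors),
                          age, confidence, health)


def mitigation_operations(meta: HealthMetadata, policy: SecurityPolicy) -> List[str]:
    """Map health metadata to the operations the policy's triggers select."""
    operations: List[str] = []
    error_evidence = meta.error_max > policy.error_threshold
    if error_evidence:
        operations.append("notify:error_metric")
    if meta.confidence < policy.confidence_threshold:
        operations.append("notify:confidence")
    if meta.health < policy.health_threshold:
        # Isolate only when the error metrics themselves support it; a region
        # that merely went quiet is placed in safe mode instead (assumption).
        severe = meta.health < policy.isolate_threshold
        operations.append("isolate" if severe and error_evidence else "safe_mode")
    return operations


# Constructed samples for three regions, evaluated at t = 101 s.
NOW = 101.0
SAMPLES = {
    "cyber_node_124A": [(95.0, 0.01), (98.0, 0.02), (100.0, 0.01)],  # healthy
    "cyber_node_124B": [(99.0, 0.35), (100.0, 0.45)],                # high error
    "cyber_node_124C": [(50.0, 0.01)],                               # stale
}


def evaluate_all(policy: SecurityPolicy = SecurityPolicy()) -> dict:
    return {region: mitigation_operations(
                build_health_metadata(region, samples, NOW, policy), policy)
            for region, samples in SAMPLES.items()}


if __name__ == "__main__":
    for region, operations in evaluate_all().items():
        print(region, operations)
```

The stale region shows why the age of the error metrics belongs in the error parameters: its last error metric was low, but with nothing recent to support it the confidence drops to zero and the policy still reacts.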
FIG. 5A is a schematic block diagram of another embodiment of a cyber-physical system 100 comprising a resilient security agent 110, as disclosed herein. In the FIG. 5A embodiment, the cyber-physical system 100 comprises a control system 101, as disclosed herein. The control system 101 of the FIG. 5A embodiment may comprise a plurality of CPCE 105A-N, each CPCE 105A-N comprising respective computational components 130 (e.g., respective controllers 132A-N) configured to implement a control function pertaining to respective PPV 155A-N (e.g., respective physical processes 150A-N) by use of respective physical components 140A-N (e.g., respective sensor and actuator devices 144A-N/146A-N). FIG. 5B is a schematic diagram of data structures configured to represent and/or correspond to a cyber-physical topology 115 of the control system 101. As illustrated in FIG. 5A, the controllers 132A-N may comprise and/or correspond to respective cyber nodes 124A-N. The controllers 132A-N may be coupled to physical components 140 through cyber nodes PPV 155A-N of respective CPCE 105A-N (sensor and actuator devices 144A-N/146A-N may be operatively coupled to physical processes 150A-N of CPCE 105A-N, respectively). In FIG. 5B, the cyber-physical topology 115 may further comprise information pertaining to respective CPCE 105A-N, including information pertaining to the physical control sections 149A-N and/or cyber sections 129A-N, thereof, as disclosed herein. The physical control sections 149A-N may identify: the computational components 130 configured to implement control functions of the respective CPCE 105A-N (e.g., controllers 132A-N), and the physical components 140 by which the control functions are realized (e.g., actuator devices 146A-N and sensor devices 144A-N, respectively).
The cyber sections 129A-N comprise information pertaining to cyber paths 126 between respective controllers 132A-N and the physical components 140A-N thereof (e.g., cyber paths coupling each controller 132A-N to respective actuator devices 146A-N and sensor devices 144A-N).
FIG. 5B further illustrates embodiments of cyber-physical state metadata 111 configured to, inter alia, comprise, define, and/or characterize a cyber-physical state of the control system 101, as disclosed herein. The cyber-physical state metadata 111 may comprise cyber state metadata 220 and/or physical state metadata 240, as disclosed herein. The cyber state metadata 220 may be configured to comprise, define, and/or characterize respective regions of the control system 101 (e.g., respective cyber-physical components 102, cyber nodes 124, cyber paths 126, CPCE 105, CPC paths 108, and/or the like). In the FIG. 5B embodiment, the cyber-physical state metadata 111 may comprise: cyber state metadata 220A-N, and cyber state metadata 220N-P, which may comprise cyber state parameters 222 configured to characterize the state of respective cyber nodes 124A-P, as disclosed herein (individual cyber state parameters 222 not shown in FIG. 5B to avoid obscuring details of the illustrated embodiments). Alternatively, or in addition, the cyber state metadata 220 may comprise physical state metadata 220Z configured to characterize a cyber state of the cyber-physical system 100 (e.g., may correspond to a cyber state of the CS network 122 and/or the cyber nodes 124 coupled thereto). The cyber-physical state metadata 111 may further comprise: physical state metadata 240AA-ND, which may comprise physical state parameters 242 configured to characterize the physical state of respective actuator devices 146A-N, sensor devices 144A-N, and/or controllers 132A-N, as disclosed herein (individual physical state parameters 242 not shown in FIG. 5B to avoid obscuring details of the illustrated embodiments). Alternatively, or in addition, the physical state metadata 240 may comprise an entry 240ZZ configured to characterize a physical state of the control system 101 (e.g., may correspond to a physical state of the computational and/or physical components 130/140 of the control system 101).
FIG. 5B further illustrates embodiments of a signature schema 116, which may comprise and/or define CPSS 118 pertaining to respective regions of the control system 101 (e.g., respective cyber regions, physical control regions, and/or the like). The signature schema 116 may define cyber state signatures 228A-P, which may characterize a state of cyber communication at respective cyber nodes 124A-P, and may be derived from respective cyber state metadata 220A-P, as disclosed herein. The signature schema 116 may further define cyber signatures 228Q-S, which may be configured to characterize a cyber state of respective cyber sections 129A-N of CPCE 105A-N (may be derived from cyber state metadata 220 characterizing the cyber state of cyber nodes 124 included in the respective cyber sections 129A-N). Alternatively, or in addition, the signature schema 116 may comprise a cyber state signature 228Z, which may be configured to characterize a cyber state of the cyber-physical system 100.

The
signature schema 116 may further define physical state signatures 248AA-AC, which may be configured to characterize portions of the physical control section 149A of CPCE 105A (e.g., characterize a physical state of the actuator device 146A, sensor device 144A, and controller 132A, respectively). The signature schema 116 may further define a physical state signature 248AD, which may be configured to characterize a state of the physical control section 149A of CPCE 105A, as disclosed herein. The signature schema 116 may define similar physical state signatures 248BA-BN through 248NA-ND, which may be configured to characterize a physical state of respective physical control sections 149B-N of CPCE 105B-N. Alternatively, or in addition, the signature schema 116 may define a physical state signature 240ZZ, which may be configured to characterize a physical state of the control system 101.

Referring to
FIG. 5A, the control system 101 may comprise an RS agent 110, as disclosed herein. The RS agent 110 may comprise and/or be communicatively coupled to cyber-physical state metadata 111, as disclosed herein. In the FIG. 5A embodiment, the RS agent 110 may be configured for operation on an automation controller 134, which may be communicatively coupled to the controllers 132A-N of respective CPCE 105A-N. In some embodiments, the automation controller 134 may be configured to control and/or manage the CPCE 105A-N, as disclosed herein (e.g., may configure the controllers 132A-N to implement one or more higher-level functions pertaining to the physical processes 150A-N).

The
signature schema 116 may further comprise and/or correspond to cyber-physical health metadata 180 determined by the RS agent 110. As illustrated in FIG. 5B, the RS agent 110 may be configured to maintain cyber-physical health metadata 180 corresponding to respective cyber and/or physical regions of the control system 101 (e.g., at a same and/or similar granularity as the signature schema 116). The disclosure is not limited in this regard, however, and may be adapted to maintain cyber and/or physical health metadata 182/184 in any suitable data structure and/or at any suitable level of granularity. The granularity at which the cyber-physical health metadata 180 are maintained may correspond to, inter alia, the cyber-physical topology 115 (may correspond to a granularity at which the RS agent 110 is capable of assigning error metrics 175 to respective cyber-physical components 102, as disclosed herein).

In the
FIG. 5A embodiment, the RS agent 110 may comprise a security module 510, which may be configured to, inter alia, communicate state keys 160 through selected CPCE 105A-N of the control system 101, determine error metrics 175 corresponding to communication of the respective state keys 160, and/or determine cyber-physical health metadata 180 for the control system 101 based on, inter alia, the determined error metrics 175, as disclosed herein. The RS agent 110 may further comprise a key module 512 configured to generate state keys 160, a parse module 514 configured to parse state keys 160 into respective state key fragments 161A-N, a communication module 516 configured to communicate the state key fragments 161A-N through selected regions of the control system 101, and a reconstruction module 514 configured to generate validation keys 170 corresponding to the state keys 160 by use of validation data 171A-N acquired in response to communication of the fragments 161A-N thereof.

The
RS agent 110 may comprise, be embodied by, and/or be coupled to computing resources 201, which may include, but are not limited to: processing resources 202, storage resources 204, cyber communication resources 206, and/or the like, as disclosed herein. Portions of the RS agent 110 (e.g., one or more of the modules computing resources 201, such as one or more processors, programmable logic, and/or the like). Alternatively, or in addition, one or more of the modules RS agent 110 may be embodied as computer-readable instructions 205 stored within the non-transitory storage resources 206, as disclosed herein. - The
security module 510 may be configured to communicate state keys 160 in accordance with a security policy 211. The security policy 211 may comprise and/or specify any suitable information pertaining to operation of the RS agent 110 including, but not limited to: a rate at which state keys 160 are communicated through the control system 101 (e.g., a frequency, period, and/or the like), thresholds (e.g., error thresholds, key error thresholds, fragment error thresholds, health thresholds, confidence thresholds, and/or the like), a mitigation policy, and/or the like. - The
security policy 211 may comprise and/or correspond to a coverage schema 511. The coverage schema 511 may comprise a scheme for coverage of the control system 101 (and/or respective portions thereof) by respective state keys 160 and/or the CPKD 162 of the respective state keys 160. The coverage schema 511 may define criteria by which regions through which respective state keys 160 (and/or the fragments 161A-N thereof) are to be communicated may be selected. The coverage schema 511 may further define criteria by which regions of the control system 101 to be covered by CPKD 162 of the respective state keys 160 may be selected (e.g., a configuration of CPSS 118 and/or cyber-physical state parameters 112 from which to derive the CPKD 162 of respective state keys 160). The coverage schema 511 may further comprise a schema for parsing state keys 160 into respective fragments 161A-N, communicating the state key fragments 161A-N and/or corresponding validation data 171A-N through selected CPE paths 108, reconstructing the validation data 171A-N to form respective validation keys 170, and so on. In some embodiments, the security module 510 may adapt the coverage schema 511 in accordance with a cyber-physical state of the control system 101, error metrics 175 of respective state keys 160, and/or the like. The security module 510 may be configured to, inter alia, adapt the coverage schema 511 in accordance with an isolation scheme, as disclosed herein (e.g., to implement a cyber-physical isolation scheme).
The security module 510 may be configured to adapt the coverage schema 511 to determine and/or refine potential causes of high error metrics, determine anomaly weights for respective regions of the control system 101 (e.g., respective cyber-physical components 102), characterize a cyber-physical health of selected regions of the control system 101, determine error weights for respective regions of the control system 101 (e.g., respective cyber-physical components 102), and/or the like, as disclosed herein. - The
key module 512 may be configured to generate state keys 160 (e.g., may comprise a state key generator, as disclosed herein). The key module 512 may be configured to generate state keys 160 configured to cover selected regions of the control system 101 (e.g., state keys 160 configured for communication through CPC paths 108 of the selected regions). The key module 512 may be further configured to generate state keys 160 comprising CPKD 160 configured to cover selected regions of the control system 101 (e.g., CPKD 162 comprising cyber key data and/or physical key data configured to cover selected regions of the control system 101). The key module 512 may be configured to generate state keys 160 in response to commands from the security module 510, which may be configured to specify regions to be covered by the state keys 160 and/or specify CPKD 162 to include in the state keys 160 (e.g., cyber-physical state parameters 112, CPSS 118, and/or the like). - The parse
module 514 may be configured to parse state keys 160 into a plurality of fragments 161A-N, as disclosed herein. The parse module 514 may be configured to parse the state keys 160, such that the fragments 161A-N thereof pertain to corresponding CPKD fragments 163A-N. The parse module 514 may be configured to parse the state keys 160 in accordance with the cyber-physical state metadata 111, cyber-physical topology 115 and/or signature schema 116 for the control system 101 (e.g., in accordance with a parsing schema 117, as disclosed herein). - The
communication module 516 may be configured to monitor and/or cover selected regions of the control system 101, which may comprise communicating state keys 160 (and/or fragments 161A-N thereof) through the selected regions of the control system 101. The communication module 516 may be configured to communicate state keys 160 through CPCE 105 and/or CPC paths 108 specified by the security module 510. The security module 510 may select CPCE 105 and/or CPC paths 108 for communication of respective state keys 160 and/or state key fragments 161A-N in accordance with a key scheme, which may comprise selection criteria by which the security module 510 may select CPCE 105 and/or CPC paths 108. The selection criteria may comprise a weighted criterion, in which CPCE 105A-N are assigned respective weights ($w_i$ comprising the weight assigned to the i-th CPCE 105 of CPCE 105A-N). The security module 510 may be configured to select CPCE 105A-N in accordance with the weights assigned thereto (e.g., in a weighted selection, weighted round-robin selection, and/or the like). The security module 510 may be further configured to determine weights for respective CPCE 105A-N based on one or more weighting factors. In some embodiments, the security module 510 may be configured to assign weights to respective CPCE 105A-N, as follows: -
$$w_i = W_{pri,i} + W_{err} \cdot e_i + W_{err\_age} \cdot err\_age_i$$
- In the expression above, $w_i$ is the weight assigned to the i-th CPCE 105 of CPCE 105A-N, and $W_{pri,i}$ may be a weighting factor assigned to the CPCE 105, which may correspond to a relative priority for monitoring of the CPCE 105 compared to others of the CPCE 105A-N. $W_{err}$ may be a weighting and/or scaling factor applied to error metrics 175 and/or error parameters 181A/183A of the CPCE 105 ($e_i$), such that CPCE 105 having higher error metrics 175 and/or error parameters 181A/183A are monitored more frequently than other CPCE 105. $W_{err\_age}$ may be a weighting and/or scaling factor applied to an error age parameter ($err\_age_i$), which may correspond to an age of the error metrics 175 (and/or error parameters 181A/183A) of the CPCE 105 (e.g., a time elapsed since a state key 160 and/or state key fragment 161 was last communicated through the CPCE 105), such that CPCE 105 having higher error age parameters are more likely to be selected than other CPCE 105. Alternatively, or in addition, the security module 510 may be configured to select CPCE 105 and/or CPC paths 108 in accordance with an isolation scheme, as disclosed herein. The security module 510 may be configured to adapt communication of a sequence of state keys 160 (and/or fragments 161A-N thereof) such that resulting error metrics 175 may be attributed to particular cyber and/or physical regions of the control system 101 (e.g., to determine a cause and/or source of high error metrics 175, as disclosed herein). - The
communication module 516 may be configured to transmit state key fragments 161A-N through CPCE 105 and/or CPC paths 108 selected by the security module 510, as disclosed herein. Communication of a state key fragment 161 through a CPC path 108 may comprise transmitting the fragment 161 to a selected correlator 166 (e.g., an actuator device 146), and receiving corresponding validation data 171 from a receiver 168 (e.g., a sensor device 144). Communication through a CPC path 108 may comprise communication of validation data 171 corresponding to the state key fragment 161 through a physical control coupling 148 that comprises and/or corresponds to the PPV 155 of the selected CPCE 105 (e.g., a particular physical process 150), as disclosed herein. The communication module 516 may be further configured to acquire validation data 171A-N corresponding to each state key fragment 161A-A, validate message(s) comprising the validation data 171A-N, determine a latency of the validation data 171A-N, synchronize the validation data 171A-N, associate the validation data 171A-N with the state key 160 and/or corresponding CPKD fragments 163A-N thereof, and/or the like, as disclosed herein. The reconstruction module 518 may be configured to generate a validation key 170, validation CPKD 172, and/or validation CPKD fragments 173A-N by use of, inter alia, the acquired validation data 171A-N. The reconstruction module 518 may be configured to generate a cyber-physical reconstruction of the state key 160 (validation key 170) from cyber-physical reproductions (validation data 171A-N) of the respective fragments 161A-N thereof, as disclosed herein. - In the
FIG. 5A embodiment, the security module 510 of the RS agent 110 may be further configured to, inter alia, determine error metrics 175 in response to communication of respective state keys 160, as disclosed herein. The error metrics 175 may comprise key errors 176 configured to quantify errors and/or differences between state keys 160 (and/or the CPKD 162 thereof) and corresponding validation keys 170 (and/or the validation CPKD 162 thereof), as disclosed herein. The error metrics 175 may comprise fragment errors 177A-N, which may be configured to quantify errors and/or differences between state key fragments 161A-N (and/or CPKD fragments 163A-N thereof) and corresponding validation data 171A-N (and/or CPKD fragments 163A-N thereof). The security module 510 may be further configured to determine cyber-physical health metadata 180, including cyber health metadata 182 and/or physical health metadata 184 based on, inter alia, the determined error metrics 175, as disclosed herein. - In some embodiments, the
security module 510 may be further configured to determine, adapt, and/or modify the coverage schema 511 based on, inter alia, error metrics 175 and/or cyber-physical health metadata 180 pertaining to the control system 101. As disclosed above, the coverage schema 511 may specify a configuration of state keys 160 generated and/or communicated by the RS agent 110. The coverage schema 511 may define a configuration of one or more subsequent state keys 160, sequences of state keys 160, and/or the like. The security module 510 may determine the coverage schema 511 in accordance with, inter alia, the error metrics 175 and/or cyber-physical health metadata 180. In some embodiments, the security module 510 may be configured to determine a source and/or cause of high error metrics 175. The security module 510 may detect error metrics 175 that exceed one or more thresholds in response to communication of an identified state key 160 (and/or fragments 161A-N thereof) through particular CPCE 105A-N. In response, the security module 510 may implement an iterative isolation scheme (e.g., a cyber-physical isolation scheme, as disclosed herein). Each iteration of the isolation scheme may comprise the security module 510 configuring a subsequent state key 160, such that the subsequent state key 160 correlates and/or relates to the identified state key 160. A state key 160 that correlates and/or relates to a particular state key 160 refers to a state key 160 configured for communication through the same CPCE 105A-N as the particular state key 160 and/or through related CPC paths 108 as the particular state key 160. The security module 510 may configure the subsequent state key 160 to correspond to the identified state key 160 (by use of the coverage schema 511), such that the subsequent state key 160 (and/or fragments 161A-N thereof) is configured for communication through the particular CPCE 105A-N and/or CPC paths 108 corresponding to the identified CPC paths 108.
The security module 510 may further configure the subsequent state key 160 for communication through CPC paths 108 that differ from the identified CPC paths 108 (and/or CPC paths 108 of one or more previous iterations) with respect to inclusion/exclusion of particular cyber-physical components 102. In one embodiment, the iterative isolation scheme may comprise identifying a group of cyber-physical components 102 that are potential causes of the high error metrics 175, which may comprise determining cyber-physical components 102 comprising the particular CPCE 105A-N. Each iteration of the isolation scheme may comprise configuring a state key 160 for communication through the particular CPCE 105A-N via a CPC path 108 that includes and/or excludes one or more of the cyber-physical components of the group, evaluating error metrics 175 of the subsequent state key 160, and either removing or retaining respective cyber-physical components 102 within the group based on, inter alia, evaluation of the error metrics 175 (and/or weighting respective cyber-physical components 102 of the group), as disclosed herein. The security module 510 may continue the iterative isolation scheme until the source of the high error metric is determined, no further refinement of the source of the error is possible, and/or other termination criteria have been satisfied. In response to determining the source of a high error metric 175 (and/or determining weights indicating a likelihood that particular cyber-physical components 102 and/or regions are the source of the error), the security module 510 may update the cyber-physical health metadata 180 and/or implement one or more mitigation operations, as disclosed herein. - In some embodiments, the
security module 510 may use the coverage schema 511 to generate an isolation sequence (e.g., a sequence of overlapping state keys 160, as disclosed herein). The isolation sequence may be configured, such that differences in the error metrics 175 of respective overlapping state keys 160 thereof may be attributed to particular regions of the control system 101 (e.g., particular cyber-physical components 102, cyber nodes 124, cyber paths 126, CPCE 105, CPC paths 108, CPCE sections 109, and/or the like, as disclosed herein). Implementing an isolation sequence may comprise the security module 510 iteratively communicating overlapping state keys 160 through respective isolation CPC paths 108, evaluating the resulting error metrics 175, and attributing differences in the error metrics 175 to particular regions of the control system 101, as disclosed herein. The security module 510 may continue iteratively communicating overlapping state keys 160 until error metrics 175 are attributed to respective regions thereof at a designated level of granularity, no further refinement is possible, and/or other termination criteria are satisfied. Implementing an isolation sequence may further comprise the security module 510 updating the cyber-physical health metadata 180 in accordance with the error metrics 175 attributed to the respective regions of the control system 101, as disclosed herein. - The following is an exemplary isolation sequence comprising state keys 160A-N configured for communication through an overlap
region comprising CPCE 105A-N (e.g., overlapping state keys 160A-N). -
| 160A {105A, B} | | | | | 175A |
| Fragments | In. 126 | 148 | Ret. 126 | 170A: | 176A |
| 161AA | 124A, O | 146A 150A 144A | 124O, A | 171AA: {105A} | 177AA |
| 161AN | 124B, O | 146B 150B 144B | 124O, B | 171BN: {105B} | 177BN |

| 160A {105A, N} | | | | | 175B |
| Fragments | In. 126 | 148 | Ret. 126 | 170B: | 176B |
| 161BA | 124A, O | 146A 150A 144A | 1240, A | 171BA: {105A} | 177BA |
| 161BN | 124N, P | 146N 150N 144N | 124P, N | 171BN: {105N} | 177BN |

| 160C {105B, N} | | | | | 175C |
| Fragments | In. 126 | 148 | Ret. 126 | 170C: | 176C |
| 161CA | 124B, O | 146B 150B 144B | 124O, B | 171CA: {105B} | 177CA |
| 161CN | 124N, P | 146N 150N 144N | 124P, N | 171CN: {105N} | 177CN |

- As illustrated above, fragments 161AA-AN of state key 160A may be configured for communication through
CPCE CPCE CPCE - The
security module 510 may be configured to evaluate the error metrics 175A-N in order to, inter alia, attribute differences therebetween to respective regions of the control system 101, as disclosed herein. In one embodiment, the security module 510 may evaluate key errors 175A-C in order to, inter alia, attribute differences to particular CPCE 105A-N. By way of non-limiting example, key error 176C may be significantly lower than key errors 176A and/or 176B, which may be substantially the same (e.g., key error 176C may be lower than 176A and 176B by ΔE). Based on the coverage schema 511, the security module 510 may determine that the cause of ΔE is CPCE 105A (since the higher key errors 176A and 176C both include error introduced by CPCE 105C, which is excluded from key error 176C). The security module 510 may also exclude cyber node 1240 as a potential cause of the increased error since, inter alia, cyber node 1240 is also included in the lower key error 176C. The security module 510 may, therefore, refine the error region and/or error group to components security module 510 may determine that further refinement is not possible without creation of an alternative physical control coupling 148 for physical process 150A (e.g., a physical control coupling 148 that includes/excludes one or more of the actuator device 146A and/or sensor device 144A). The security module 510 may be further configured to verify that ΔE is attributable to CPCE 105A by, inter alia, adapting one or more subsequent state keys 160 to include and/or exclude CPCE 105A (and/or the physical control region thereof), and evaluating the resulting error metrics 175, as disclosed herein. - In another embodiment, the
security module 510 may determine that each of the key errors 176A-C comprise error attributable to a respective CPCE 105A-N, as follows: 176A = E{105A} + E{105B}; 176B = E{105A} + E{105N}; and 176C = E{105B} + E{105N}. Accordingly, a difference between key errors 176A and 176B may correspond to a difference between E{105B} and E{105N} (ΔBN), the difference between key errors 176B and 176C may correspond to a difference between E{105A} and E{105B} (ΔAB), and a difference between key errors 176A and 176C may correspond to a difference between E{105A} and E{105N} (ΔBN). The security module 510 may attribute the determined differences to respective CPCE 105A-N and/or adapt subsequent state keys 160 to verify and/or further refine the determined differences, as disclosed herein. The security module 510 may be further configured to attribute differences between fragment errors 177AA-CN to respective regions of the control system 101 and/or adapt subsequent state keys 160 to verify and/or further refine the determined differences, as disclosed herein. - By way of further example, the
security module 510 may configure one or more subsequent state keys 160D-F for communication through respective CPCE 105 of CPCE 105A-N, as follows: -
| 160D {105A} | | | | | 175D |
| Fragments | In. 126 | 148 | Ret. 126 | 170D: | 176D |
| 161DA | 124A, O | 146A 150A 144A | 124O, A | 171DA: {105A} | 177DA |
| 161DN | 124A, O | 146A 150A 144A | 124O, A | 171DN: {105A} | 177DN |

| 160E {105B} | | | | | 175E |
| Fragments | In. 126 | 148 | Ret. 126 | 170E: | 176E |
| 161EA | 124B, O | 146B 150B 144B | 124P, B | 171EA: {105B} | 177EA |
| 161EN | 124B, O | 146B 150B 144B | 124P, B | 171EN: {105B} | 177EN |

| 160F {105B, N} | | | | | 175F |
| Fragments | In. 126 | 148 | Ret. 126 | 170F: | 176F |
| 161FA | 124N, P | 146N 150N 144N | 124P, N | 171FA: {105N} | 177FA |
| 161FN | 124N, P | 146N 150N 144N | 124P, N | 171FN: {105N} | 177FN |

- As illustrated above, fragments 161DA-FN of state keys 160D-F may be communicated through same and/or
similar CPC paths 108 through respective CPCE 105A-N. Accordingly, the resulting key errors 170F-E may correspond to communication error through the respective CPCE 105A-N and differences between key errors 170F-E and key errors 170A-C may be attributable to respective CPCE 105A-N, as disclosed herein. Moreover, differences in fragment errors 177DA-DN, 177EA-EN, and/or 177FA-FN of the respective state keys 160D-F may be attributable to individual cyber-physical components 102 of the CPCE 105A-N, as disclosed herein. - In some embodiments, the
security engine 510 may be further configured to determine cyber-physical state confidence (CPSC) metrics 575, which may be configured to, inter alia, quantify a confidence in the accuracy of the cyber-physical state metadata 111 (and/or respective portions thereof). The CPSC metrics 575 may be based on, inter alia, error metrics 175 determined for respective state keys 160. As disclosed above, the error metrics 175 may quantify a degree to which CPKD 162 is modified during communication through respective CPC paths 108. The error metrics 175 may, therefore, indicate the likelihood that cyber and/or physical state information acquired from cyber-physical components 102 of respective CPC paths 108 is accurate (e.g., accurately represents the actual, current cyber and/or physical state of the control system 101 and/or respective regions thereof). The security engine 510 may determine CPSC metrics 575 to be inversely proportional to the error metrics 175. The security engine 510 may determine CPSC metrics 575 for respective portions of the cyber-physical state metadata 111. The security engine 510 may determine CPSC metrics 575 for regions of the control system 101 based on, inter alia, error metrics 175 of state keys 160 covering the respective regions. The security engine 510 may determine CPSC metrics 575 for cyber regions of the control system 101 (e.g., cyber state metadata 220 configured to characterize a state of respective cyber components 120, cyber nodes 124, cyber paths 126, and/or the like) based on, inter alia, error metrics 175 corresponding to communication of respective state key fragments 161 (and/or corresponding validation data 171) by, across, and/or through the respective cyber regions.
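The isolation sequence above (key errors 176A-C treated as sums of per-CPCE error), the CPCE weighting expression, and the inverse relation between error metrics and CPSC metrics described here can be chained into one calculation. The following Python is an added example, not code from the patent; the numeric key errors, the W_err and W_err_age values, the 1/(1+e) confidence mapping and all function names are assumptions.

```python
"""Added example, not from the patent: attribute the key errors of overlapping
state keys to individual CPCE, then derive confidence and monitoring weights.
Numeric values, W_* constants and the confidence mapping are assumptions."""
from fractions import Fraction


def attribute_errors(key_errors):
    """Solve key_error(S) = sum(E[c] for c in S) for the per-CPCE error E[c].

    key_errors maps a frozenset of CPCE labels (the CPCE one state key was
    communicated through) to the key error measured for that key. Solved by
    least squares in exact arithmetic, so extra overlapping keys are allowed.
    Raises ValueError if the coverage cannot separate every CPCE.
    """
    cpce = sorted(set().union(*key_errors))
    n = len(cpce)
    # Augmented normal equations [A^T A | A^T b]; A[k][i] = 1 if key k covers CPCE i.
    m = [[Fraction(0)] * (n + 1) for _ in range(n)]
    for covered, err in key_errors.items():
        for i, ci in enumerate(cpce):
            if ci not in covered:
                continue
            m[i][n] += Fraction(str(err))
            for j, cj in enumerate(cpce):
                if cj in covered:
                    m[i][j] += 1
    # Gauss-Jordan elimination; a missing pivot means the keys overlap too little.
    for col in range(n):
        pivot = next((r for r in range(col, n) if m[r][col] != 0), None)
        if pivot is None:
            raise ValueError("coverage does not isolate every CPCE")
        m[col], m[pivot] = m[pivot], m[col]
        m[col] = [v / m[col][col] for v in m[col]]
        for r in range(n):
            if r != col and m[r][col] != 0:
                factor = m[r][col]
                m[r] = [a - factor * b for a, b in zip(m[r], m[col])]
    return {c: float(m[i][n]) for i, c in enumerate(cpce)}


def cpsc_confidence(error):
    """Confidence that falls as attributed error rises (assumed form 1/(1+e))."""
    return 1.0 / (1.0 + max(error, 0.0))


def cpce_weight(w_pri, err, err_age, w_err=10.0, w_err_age=0.01):
    """w_i = W_pri,i + W_err * e_i + W_err_age * err_age_i, as in the text."""
    return w_pri + w_err * err + w_err_age * err_age


def weighted_round_robin(weights, picks):
    """Smooth weighted round-robin: pick frequency is proportional to weight."""
    credit = dict.fromkeys(weights, 0.0)
    total = sum(weights.values())
    order = []
    for _ in range(picks):
        for name, w in weights.items():
            credit[name] += w
        chosen = max(credit, key=credit.get)
        credit[chosen] -= total
        order.append(chosen)
    return order


# Constructed key errors for overlapping keys over CPCE pairs: the key that
# excludes 105A is much lower than the two keys that include it.
KEY_ERRORS = {
    frozenset({"105A", "105B"}): 0.62,
    frozenset({"105A", "105N"}): 0.60,
    frozenset({"105B", "105N"}): 0.10,
}


def plan_monitoring(key_errors, picks=12):
    """Attribute error, score confidence, and order the next `picks` probes."""
    per_cpce = attribute_errors(key_errors)
    confidence = {c: cpsc_confidence(e) for c, e in per_cpce.items()}
    # Equal priority 1.0; error age 0 because the sequence just probed every CPCE.
    weights = {c: cpce_weight(1.0, e, 0.0) for c, e in per_cpce.items()}
    return per_cpce, confidence, weights, weighted_round_robin(weights, picks)


if __name__ == "__main__":
    for part in plan_monitoring(KEY_ERRORS):
        print(part)
```

With these constructed inputs the error is attributed almost entirely to 105A, which then receives most of the subsequent probes.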
The security engine 510 may determine CPSC metrics 575 for physical control regions of the control system 101 (e.g., physical state metadata 240 configured to characterize a state of respective computational component 130, physical components 140, physical control couplings 148, PPV 155, and/or the like) based on, inter alia, error metrics 175 corresponding to communication of respective state key fragments 161 (and/or corresponding validation data 171) by, across, and/or through the respective physical control regions. - As disclosed above, the
security module 510 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof), which may be based on error metrics 175 determined for respective state keys 160, as disclosed herein. The security module 510 may be further configured to incorporate CPSC metrics 575 into the cyber-physical health metadata 180, which may indicate, inter alia, a confidence that the cyber-physical state metadata 111 accurately represents the cyber-physical state of the control system 101. The security module 510 may be configured to incorporate CPSC metrics 575 into the cyber health metadata 182, the incorporating comprising indicating a determined confidence that the cyber state metadata 220 accurately represents the cyber state of the control system 101 (and/or respective regions thereof). The security module 510 may be further configured to incorporate CPSC metrics 575 into the cyber health metadata 182, the incorporating comprising indicating a determined confidence that the physical state metadata 240 accurately represents the physical state of the control system 101 (and/or respective regions thereof). - In some embodiments, the
security engine 510 may be further configured to evaluate and/or monitor the cyber-physical state metadata 111 (and/or respective portions thereof). The security module 510 may be configured to determine cyber state metrics 553 corresponding to evaluation of the cyber state of the control system 101 (as indicated by the cyber state metadata 220), and physical state metrics 555 corresponding to evaluation of the physical state of the control system 101 (as indicated by the physical state metadata 240). - Determining the
cyber state metrics 553 may comprise the security module 510 applying one or more cyber state evaluation rules to the cyber state metadata 220. As used herein, a “cyber state evaluation rule” (CSER) refers to criteria and/or computer-readable instructions by which the security module 510 may evaluate specified cyber state characteristics. As used herein, a “cyber state characteristic” may comprise and/or correspond to the cyber state metadata 220, one or more cyber state parameters 222, one or more cyber state signatures 228, portion(s) thereof, and/or the like. A CSER may comprise any means for evaluating specified cyber state characteristics including, but not limited to: an expression, a regular expression, a mathematical expression, a logical expression, a comparison, a mathematical comparison, an inequality, linear programming (LP) logic, non-LP logic, and/or the like. The cyber state metrics 553 may indicate CSER evaluated by the security module 510, identify successfully validated CSER, identify CSER evaluation failures (and/or cyber-physical components 102 associated with the CSER evaluation failures), specify scores resulting from evaluation of respective CSER, and/or the like. By way of non-limiting example, a CSER may specify that the messages-per-sender at specified cyber nodes 124 be lower than one or more thresholds. Evaluation of the CSER may comprise comparing cyber state characteristics of the specified cyber nodes 124 to one or more thresholds (e.g., comparing messages-per-sender cyber state parameters 222 of the specified cyber nodes 124 to the thresholds). Alternatively, evaluation of the CSER may comprise determining a CSER score corresponding to the messages-per-sender characteristics of the specified cyber nodes 124.
By further non-limiting example, the cyber state metrics 553 may indicate whether the specified cyber nodes 124 satisfy the CSER, identify cyber nodes 124 having messages-per-sender cyber state parameters 222 that are near to and/or exceed one or more of the thresholds, and/or specify CSER evaluation scores for the respective cyber nodes 124. - In some embodiments, determining the
physical state metrics 555 may comprise the security module 510 applying one or more physical state evaluation rules. As used herein, a “physical state evaluation rule” (PSER) refers to computer-readable instructions by which the physical state evaluator 1252 may evaluate specified characteristics of the physical state 1202 of the control system 101 (evaluate one or more physical state characteristics). As used herein, a “physical state characteristic” may comprise and/or correspond to the physical state metadata 240, one or more physical state parameters 242, one or more physical state signatures 248, portion(s) thereof, and/or the like. Alternatively, or in addition, a physical state characteristic and/or PSER may correspond to a physical control coupling 148 and/or physical control metadata 249 (e.g., may correspond to a relationship between physical components 140 and one or more PPV 155 as defined in, inter alia, physical control metadata 249, as disclosed herein). A PSER may comprise any means for evaluating specified physical state characteristics, as disclosed herein (e.g., criteria, instructions, expressions, and/or the like). The physical state metrics 555 may indicate PSER evaluated by the security module 510, identify successfully validated PSER, identify PSER evaluation failures (and/or cyber-physical components 102 associated with the PSER evaluation failures), specify scores corresponding to evaluation of respective PSER, and/or the like. - By way of non-limiting example, a PSER may specify that a
controller 132 should cause a specified actuator device 146 to open a circuit breaker in response to current measurements acquired by a specified sensor device 144 exceeding a current threshold. Evaluating the PSER may comprise determining whether the physical state of the sensor device 144 corresponds to the physical state of the actuator device 146 (and/or vice versa). The evaluating may comprise determining whether current measurements acquired by the sensor device 144 exceed the threshold and, if so, whether the actuator device 146 is configured to open the circuit breaker. Evaluation of the PSER may fail in response to determining that the actuator device 146 failed to open the circuit breaker and/or failed to open the circuit breaker within the threshold time. Alternatively, or in addition, evaluation of the PSER may comprise determining a PSER score corresponding to a time at which the actuator device 146 opened the circuit breaker. In another non-limiting example, a PSER may specify that input electrical power to a motor controlled by a specified actuator device 146 (a motor controller), as measured by a first sensor device 144 coupled to a power source (an electrical power meter), should be within an efficiency threshold of an output mechanical power of the electrical motor system, as measured by a second sensor device 144 (a mechanical power meter). Evaluating the PSER may comprise determining whether the input electrical power acquired from the first sensor device 144 is within the threshold of the output mechanical power acquired from the second sensor device 144, and/or whether the acquired actuation state of the actuator device 146 corresponds to the input electrical power and/or output mechanical power reported by the first/second sensor devices 144.
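The two PSER examples in this passage (breaker trip on over-current, and motor input power against output power and actuation state) can be expressed as checks over acquired readings. The Python below is an added example, not code from the patent; the field names, thresholds, tolerances, scoring, and the mapping from actuation state to a commanded power are assumptions, and the readings are constructed.

```python
"""Added example, not from the patent: two PSER-style checks run over
constructed readings. Field names, thresholds, tolerances and the scoring
are assumptions made for illustration."""
from dataclasses import dataclass, field


@dataclass
class PserResult:
    rule: str
    passed: bool
    score: float                                  # 1.0 best, 0.0 failed
    suspects: list = field(default_factory=list)  # components tied to a failure


BREAKER_PARTS = ["controller 132", "actuator 146"]


def breaker_pser(samples, trip_amps, max_delay_s):
    """The breaker must open within max_delay_s of current exceeding trip_amps.

    samples: time-ordered (t_seconds, sensor_amps, breaker_open) tuples.
    The score shrinks as the opening time approaches the deadline.
    """
    onset = None
    for t, amps, is_open in samples:
        if onset is None:
            if amps > trip_amps and not is_open:
                onset = t                         # over-current first observed
        elif is_open:
            delay = t - onset
            if delay <= max_delay_s:
                return PserResult("breaker", True, 1.0 - delay / max_delay_s)
            return PserResult("breaker", False, 0.0, list(BREAKER_PARTS))
    if onset is None or samples[-1][0] - onset <= max_delay_s:
        return PserResult("breaker", True, 1.0)   # no trip needed, or deadline not reached
    return PserResult("breaker", False, 0.0, list(BREAKER_PARTS))


def motor_pser(input_kw, output_kw, commanded_kw, eff_threshold=0.15, cmd_tol=0.05):
    """Cross-check two power meters and the motor controller's actuation state.

    input_kw:     electrical power from the first sensor device (power meter).
    output_kw:    mechanical power from the second sensor device.
    commanded_kw: input power implied by the actuation state (assumed mapping).
    """
    loss = input_kw - output_kw
    sensors_agree = 0.0 <= loss <= eff_threshold * input_kw
    input_matches_cmd = abs(input_kw - commanded_kw) <= cmd_tol * max(commanded_kw, 1e-9)
    if sensors_agree and input_matches_cmd:
        used = loss / (eff_threshold * input_kw) if input_kw > 0 else 0.0
        return PserResult("motor", True, 1.0 - used)
    if input_matches_cmd:
        # Input fits the actuation state but output does not fit the input:
        # the text attributes this to the first sensor device and/or the motor.
        return PserResult("motor", False, 0.0, ["first sensor 144", "motor"])
    if sensors_agree:
        # Both meters correlate but the actuation state does not: actuator suspect.
        return PserResult("motor", False, 0.0, ["actuator 146"])
    return PserResult("motor", False, 0.0,
                      ["first sensor 144", "second sensor 144", "actuator 146"])


# Constructed breaker traces: (t_seconds, amps, breaker_open), trip at 100 A.
BREAKER_OK = [(0.0, 80.0, False), (0.1, 130.0, False), (0.2, 135.0, False), (0.25, 0.0, True)]
BREAKER_LATE = [(0.0, 130.0, False), (0.5, 140.0, False), (0.6, 0.0, True)]
BREAKER_NEVER = [(0.0, 130.0, False), (1.0, 150.0, False)]

if __name__ == "__main__":
    for trace in (BREAKER_OK, BREAKER_LATE, BREAKER_NEVER):
        print(breaker_pser(trace, trip_amps=100.0, max_delay_s=0.2))
    print(motor_pser(10.0, 9.0, 10.0))   # consistent readings
    print(motor_pser(10.0, 6.0, 10.0))   # output too low for the input
    print(motor_pser(10.0, 9.0, 4.0))    # actuation state disagrees with both meters
```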
The evaluating may comprise determining that the input electrical power reported by the first sensor device 144 corresponds to the actuation state of the actuator device 146, but that the output mechanical power reported by the second device 144 is lower than the input electrical power by more than the efficiency threshold. In response, the security engine 510 may determine that evaluation of the PSER indicates failure and/or compromise of the first sensor device 144 and/or electrical motor. By further non-limiting example, evaluation of the PSER may comprise correlating the physical states of the first and second sensor devices 144 (e.g., determining that the input electrical power reported by the first sensor device 144 is within the efficiency threshold of the output mechanical power reported by the second sensor device 144), but failing to correlate the physical state of the actuator device 146 (e.g., determining that the actuation state of the actuator device 146 corresponds to an input electrical power and/or output mechanical power different from the physical states of the first and second sensor devices 144). In response, the security engine 510 may determine that evaluation of the PSER indicates failure and/or compromise of the actuator device 146. The CSER and/or PSER may be maintained within the security policy 211 of the RS agent 110, as disclosed herein. Although particular examples of CSER and/or PSER are described herein, the disclosure is not limited in this regard and could be adapted to use, define, and/or evaluate any suitable cyber and/or physical state characteristics pertaining to the control system 101. - In some embodiments, determining the
cyber state metrics 553 may comprise the security module 510 comparing the cyber state metadata 220 to one or more cyber state baselines 552. As used herein, a “cyber state baseline” (CSB) 552 refers to a particular type and/or classification of cyber behaviour, cyber state, and/or cyber state metadata 220 of the control system 101 (and/or respective regions thereof). A CSB 552 may comprise and/or correspond to one or more characteristics (cyber state baseline characteristics), which may correspond to respective cyber state characteristics of the control system 101 (e.g., correspond to cyber state metadata 220 and/or portions thereof, as disclosed herein). The features of respective CSB 552 may be extracted, learned, and/or determined from cyber-physical state information, such as cyber-physical state information acquired during operation of the control system 101, cyber-physical state information acquired during simulated operation of the control system 101, training data (e.g., cyber and/or physical state information corresponding to specified cyber and/or physical state classifications), current cyber-physical state metadata 111, previous cyber-physical state metadata, and/or the like. In some embodiments, CSB 552 (and/or the characteristics thereof) may be determined by machine learning techniques (e.g., a classifier, as disclosed in further detail herein). In some embodiments, CSB 552 pertaining to the control system 101 (and/or respective regions thereof) may be maintained within storage resources 204 of the RS agent 110. Alternatively, or in addition, one or more CSB 552 may be maintained by one or more other components 102 of the control system 101. - In some embodiments, the
RS agent 110 may comprise and/or be communicatively coupled to a plurality of CSB 552, each comprising features configured to characterize a respective type, class, and/or classification of cyber behavior of the control system 101 (and/or respective regions thereof), including, but not limited to “healthy” CSB 552, “unhealthy” CSB 552, and/or the like. As used herein, a “healthy” CSB 552 refers to a CSB 552 configured to characterize “healthy” cyber states, behaviors, and/or characteristics of the control system 101 (as indicated by the cyber state metadata 220). The RS agent 110 may comprise a plurality of healthy CSB 552, each corresponding to cyber states, behavior, and/or cyber state metadata 220 under different respective conditions (e.g., in different operating modes, under different ambient conditions, different operating times, operation in response to different types of disturbances, and/or the like). As used herein, an “unhealthy” CSB 552 refers to a CSB 552 configured to characterize “unhealthy” cyber states, behaviors, and/or characteristics of the control system 101 (as indicated by the cyber state metadata 220).
The RS agent 110 may comprise a plurality of unhealthy CSB 552, each corresponding to cyber states, behaviour, and/or cyber state metadata 220 under different respective cyber threat conditions, which may include, but are not limited to: particular types of cyber-attacks, attacks directed against particular cyber components 120 (e.g., cyber infrastructure, cyber security components 123, cyber nodes 124, and/or the like), compromise of particular cyber components 120, attacks directed against the CS network 122, external cyber-attacks from one or more external networks, injection of adversarial cyber communication into the CS network 122, control manipulation attempts, DoS attacks, dropped packet attacks, flooding traffic attacks, data integrity attacks, replay attacks, MiTM attacks, targeted host attacks, targeted protocol attacks, manipulated traffic attacks, manipulated sensor data attacks (e.g., injection and/or replay of captured sensor data), manipulated control attacks (e.g., injection and/or replay of captured control outputs), and/or the like. - The
CSB 552 may further comprise and/or define means by which the features of respective CSB 552 may be compared to the cyber state metadata 220. The cyber baseline characteristics of respective CSB 552 may define values, ranges, thresholds, and/or other criteria for evaluating specific cyber state characteristics of the control system 101 (e.g., specified cyber state metadata 220, cyber state parameters 222, cyber state signatures, portion(s) thereof, and/or the like). The CSB 552 define operations by which errors, differences, and/or distances between the cyber state metadata 220 and respective CSB 552 may be determined. In some embodiments, the CSB 552 may be associated with confidence metrics, which may quantify a confidence in the CSB 552 accurately characterizing particular types of cyber states, behaviors, and/or cyber state metadata 220. The confidence metrics of the CSB 552 may indicate a confidence that healthy CSB 552 accurately characterize healthy cyber behaviors (and are distinguishable from unhealthy CSB 552), and/or the like. - Determining the
cyber state metrics 553 for the control system 101 (and/or respective regions thereof) may comprise comparing cyber state metadata 220 pertaining to the control system 101 (and/or respective regions thereof) to one or more CSB 552. The comparing may comprise comparing cyber baseline characteristics of respective CSB 550 to corresponding cyber state characteristics (e.g., cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, portion(s) thereof, and/or the like). The comparing may comprise determining CSB error metrics for respective CSB 552, which may be configured to quantify an error, difference, and/or distance between the cyber state, behaviour, and/or cyber state metadata 220 of the control system 101 (and/or respective regions thereof) and respective CSB 552. The cyber state metrics 553 determined by the security module 510 may comprise and/or correspond to the determined CSB error metrics. In some embodiments, the security module 510 may configure the cyber state metrics 553 to quantify a degree to which the cyber state of the control system 101 (as indicated by the cyber state metadata 220) corresponds to healthy CSB 552, unhealthy CSB 552, and/or the like. The cyber state metrics 553 may indicate a cyber health of the control system 101 (and/or respective regions thereof), which may be inversely proportional to CSB error metrics of healthy CSB 552 and/or be proportional to CSB error metrics of unhealthy CSB 552. Alternatively, or in addition, the cyber state metrics 553 determined by the security module 510 may identify one or more proximate CSB 552, which may comprise CSB 552 having a closest proximity to the cyber state of the control system 101 (e.g., smallest CSB error metrics) and/or CSB 552 having CSB error metrics that satisfy one or more proximity thresholds. The cyber state metrics 553 may indicate whether the proximate CSB 552 comprise healthy CSB 552, unhealthy CSB 552, and/or the like.
The cyber state metrics 553 may further comprise confidence metrics, which may correspond to confidence metrics of the CSB 552, as disclosed herein. - In some embodiments, determining the physical state metrics 550 may comprise the
security module 510 comparing the physical state metadata 240 to one or more physical state baselines 554. As used herein, a “physical state baseline” (PSB) refers to a particular type and/or classification of physical behaviour, physical state, and/or physical state metadata 240 of the control system 101 (and/or respective regions thereof). A PSB 554 may comprise and/or correspond to one or more characteristics (physical baseline characteristics), which may correspond to respective physical state characteristics of the control system 101 (e.g., correspond to physical state metadata 240 and/or portions thereof, as disclosed herein). The features of respective PSB 554 may be extracted, learned, and/or determined, as disclosed above (e.g., from cyber-physical state information, cyber-physical state metadata 111, previous cyber-physical state metadata 111, machine learning techniques, and/or the like). - In some embodiments, the
RS agent 110 may comprise and/or be communicatively coupled to a plurality of PSB 554, each comprising features configured to characterize a respective type, class, and/or classification of physical behavior of the control system 101 (and/or respective regions thereof), including, but not limited to “healthy” PSB 554, “unhealthy” PSB 554, and/or the like. As used herein, a “healthy” PSB 554 refers to a PSB 554 configured to characterize “healthy” physical states, behaviors, and/or characteristics of the control system 101, physical state metadata 240, and/or the like. The RS agent 110 may comprise a plurality of healthy PSB 554, each corresponding to physical states, behavior, and/or physical state metadata 240 under different respective conditions (e.g., in different operating modes, under different ambient conditions, different operating times, operation in response to different types of disturbances, and/or the like). As used herein, an “unhealthy” PSB 554 refers to a PSB 554 configured to characterize “unhealthy” physical states, behaviors, characteristics, physical failure modes, and/or the like. The RS agent 110 may comprise a plurality of unhealthy PSB 554, each corresponding to physical states, behaviour, and/or physical state metadata 240 under different respective physical threat conditions, which may include, but are not limited to: particular types of physical and/or component attacks, attacks directed against particular computational components 130, compromise of particular computational components 130, attacks directed against particular physical components 140, compromise of particular physical components 140, attacks through the physical environment, physical failure modes, and/or the like. The PSB 554 may be associated with confidence metrics, and may comprise and/or define means by which the features of respective PSB 554 may be compared to the physical state metadata 240, as disclosed herein. - Determining the
physical state metrics 555 for the control system 101 (and/or respective regions thereof) may comprise comparing physical state metadata 240 pertaining to the control system 101 (and/or respective regions thereof) to one or more PSB 554. The comparing may comprise comparing physical baseline characteristics of respective PSB 554 to corresponding physical state characteristics (e.g., physical state metadata 240, physical state parameters 242, physical state signatures 248, portion(s) thereof, and/or the like). The comparing may comprise determining PSB error metrics for respective PSB 554, which may be configured to quantify an error, difference, and/or distance between the physical state, behaviour, and/or physical state metadata 240 of the control system 101 (and/or respective regions thereof) and respective PSB 554. The physical state metrics 555 determined by the security module 510 may comprise and/or correspond to the determined PSB error metrics. In some embodiments, the security module 510 may configure the physical state metrics 555 to quantify a degree to which the physical state of the control system 101 (as indicated by the physical state metadata 240) corresponds to healthy PSB 554, unhealthy PSB 554, and/or the like. The physical state metrics 555 may indicate a physical health of the control system 101 (and/or respective regions thereof), which may be inversely proportional to PSB error metrics of healthy PSB 554 and/or be proportional to PSB error metrics of unhealthy PSB 554. Alternatively, or in addition, the physical state metrics 555 determined by the security module 510 may identify one or more proximate PSB 554, which may comprise PSB 554 having a closest proximity to the physical state of the control system 101 (e.g., smallest PSB error metrics) and/or PSB 554 having PSB error metrics that satisfy one or more proximity thresholds. The physical state metrics 555 may indicate whether the proximate PSB 554 comprise healthy PSB 554, unhealthy PSB 554, and/or the like.
The physical state metrics 555 may further comprise confidence metrics, which may correspond to confidence metrics of the PSB 554, as disclosed herein. - As disclosed above, the
security engine 510 may be configured to determine cyber health metadata 182 for the control system 101, which may comprise determining cyber health metrics 282 configured to quantify a cyber health of the control system 101 (and/or respective regions thereof). The cyber health metrics 282 may be based on, inter alia, the error and/or confidence metrics 175/575 determined by the security module 510, as disclosed herein. The security engine 510 may be further configured to incorporate the cyber state metrics 553 into the cyber health metrics 282. In some embodiments, the cyber health metrics 282 may be based on, inter alia, evaluation of one or more CSER, as disclosed herein. Alternatively, or in addition, determining the cyber health metrics 282 may comprise comparing the cyber state of the control system 101 (as indicated by the cyber state metadata 220) to one or more CSB 552. The cyber health metrics 282 may, therefore, indicate a degree to which the control system 101 (and/or respective regions thereof) corresponds to healthy CSB 552 and/or differs from unhealthy CSB 552. The cyber health metrics 282 may be further configured to identify one or more proximate CSB 552 and/or indicate whether the proximate CSB 552 comprise healthy and/or unhealthy CSB 552. - The
security engine 510 may be further configured to determine physical health metadata 184 for the control system 101, which may comprise determining physical health metrics 284 configured to quantify a physical health of the control system 101 (and/or respective regions thereof). The physical health metrics 284 may be based on, inter alia, the error and/or confidence metrics 175/575 determined by the security module 510, as disclosed herein. The security engine 510 may be further configured to incorporate the physical state metrics 555 into the physical health metrics 284. In some embodiments, the physical health metrics 284 may be based on, inter alia, evaluation of one or more PSER, as disclosed herein. Alternatively, or in addition, the physical health metrics 284 may correspond to comparisons between the physical state of the control system 101 (as indicated by the physical state metadata 240) to one or more PSB 554. The physical health metrics 284 may indicate a degree to which the control system 101 (and/or respective regions thereof) corresponds to healthy PSB 554 and/or differs from unhealthy PSB 554. The physical health metrics 284 may be further configured to identify one or more proximate PSB 554 and/or indicate whether the proximate PSB 554 comprise healthy and/or unhealthy PSB 554. - The
security module 510 may be further configured to implement mitigation operations in accordance with the error metrics 175 and/or cyber-physical health metadata 180, as disclosed herein. The mitigation operations may comprise causing the automation controller 134 to modify one or more of the CPCE 105A-N based on error metrics 175 and/or cyber-physical health metadata 180 pertaining thereto. The modifying may comprise slowing one or more of the CPCE 105A-N (reducing a control frequency of one or more of the controllers 132A-N), halting control functions of one or more of the CPCE 105A-N, modifying control functions of one or more of the CPCE 105A-N (e.g., configuring one or more of the controllers 132 to operate in a “safe mode”), isolating one or more of the CPCE 105A-N from the control system 101, and/or the like. The security module 510 may implement mitigation operations in accordance with a security policy 211, as disclosed herein. - The
security engine 510 may be further configured to implement mitigation operations in accordance with the cyber and/or physical state metrics 553/555 and/or the corresponding cyber and/or physical health metrics 282/284. The security engine 510 may be configured to implement mitigation operations in response to cyber and/or physical state metrics 553/555 indicating failure of one or more CSER and/or PSER and/or proximity to one or more unhealthy CSB and/or PSB 552/554, as disclosed herein. As disclosed above, the cyber state metrics 553 may identify CSER failures and/or indicate proximity to an unhealthy CSB 552. A CSER failure and/or unhealthy CSB 552 may correspond to a particular type of cyber-attack, cyber-attack directed to particular cyber components 120, compromise of particular cyber components 120 (e.g., one or more cyber nodes 124), and/or the like. The security engine 510 may implement mitigation operations in accordance with the identified CSER failure(s) and/or unhealthy CSB 552, which may comprise operations to: generate notifications corresponding to the failed CSER, generate notifications indicating the unhealthy CSB 552, mitigate cyber-attacks and/or cyber-attack vectors associated with the failed CSER and/or unhealthy CSB 552, which may comprise implementing operations to: mitigate cyber-attacks directed against identified cyber components 120 (e.g., deactivating identified cyber components 120), mitigate compromise of identified cyber components 120 (e.g., filter adversarial messages injected by the identified cyber components 120), shut down identified cyber-attack vectors (e.g., shut down one or more gateways and/or external channels), and/or the like. - The
security engine 510 may be further configured to implement mitigation operations in response to failure of one or more PSER and/or proximity to an unhealthy PSB 554. As disclosed above, a PSER failure and/or unhealthy PSB 555 may correspond to a particular type of physical and/or component attack, physical failure mode, and/or the like. Implementing mitigation operations corresponding to a PSER failure and/or proximity to an unhealthy PSB 555 may comprise implementing operations to: generate notifications indicating the failed PSER, generate notifications indicating the unhealthy PSB 554, mitigate attack(s) and/or failure modes associated with the failed PSER and/or unhealthy PSB 554, and/or the like. The mitigation operations may comprise operations to mitigate attacks directed against identified computational components 130 (e.g., reset specified computational components 130, modify control functions implemented thereby, and/or the like), mitigate attacks directed against identified physical components 140 (e.g., ignore sensor data acquired by identified sensor devices 144 and/or deactivate identified actuator devices 146), deactivate physical components 140 and/or PPV 155 operating in identified failure modes, and/or the like. -
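The baseline comparison described above (error metrics against healthy and unhealthy CSB 552 or PSB 554, proximate baselines, and a health value that falls with healthy-baseline error and rises with unhealthy-baseline error) can be sketched as follows. This is an added illustration, not code from the disclosure: the `Baseline` class, the scale-normalised RMS distance, the health formula, the missing-data penalty and all sample values are assumptions constructed for the example.

```python
import math
from dataclasses import dataclass

MISSING_PENALTY = 3.0  # assumed: an unreported characteristic counts as a 3-scale deviation


@dataclass(frozen=True)
class Baseline:
    name: str
    healthy: bool
    center: dict       # characteristic -> expected value
    scale: dict        # characteristic -> tolerated spread, same unit as center
    confidence: float  # 0..1, confidence that the baseline characterises its class


def error_metric(state, baseline):
    """Scale-normalised RMS distance between observed state and one baseline."""
    total = 0.0
    for key, expected in baseline.center.items():
        if key in state:
            z = (state[key] - expected) / baseline.scale[key]
        else:
            z = MISSING_PENALTY  # silence from a sensor or node is itself a deviation
        total += z * z
    return math.sqrt(total / len(baseline.center))


def evaluate(state, baselines, proximity_threshold=1.0):
    """Return error metrics, proximate baselines and a 0..1 health value.

    Needs at least one healthy and one unhealthy baseline.
    """
    errors = {b.name: error_metric(state, b) for b in baselines}
    ranked = sorted(baselines, key=lambda b: errors[b.name])
    # Proximate baselines: those whose error satisfies the proximity threshold.
    proximate = [b.name for b in ranked if errors[b.name] <= proximity_threshold]
    best_healthy = min(errors[b.name] for b in baselines if b.healthy)
    best_unhealthy = min(errors[b.name] for b in baselines if not b.healthy)
    denom = best_healthy + best_unhealthy
    # Assumed scoring: falls as healthy error grows, rises as unhealthy error grows.
    health = best_unhealthy / denom if denom > 0 else 0.5
    nearest = ranked[0]
    return {
        "errors": errors,
        "nearest": nearest.name,
        "nearest_is_healthy": nearest.healthy,
        "proximate": proximate,  # empty list: state matches no known baseline
        "health": health,
        "confidence": nearest.confidence,
    }


# Constructed cyber state baselines for one network segment (illustrative values).
BASELINES = [
    Baseline("normal-operation", True,
             {"pkts_per_s": 200, "latency_ms": 5, "retransmit_ratio": 0.01},
             {"pkts_per_s": 50, "latency_ms": 2, "retransmit_ratio": 0.01}, 0.9),
    Baseline("startup", True,
             {"pkts_per_s": 600, "latency_ms": 8, "retransmit_ratio": 0.02},
             {"pkts_per_s": 150, "latency_ms": 3, "retransmit_ratio": 0.01}, 0.7),
    Baseline("flooding", False,
             {"pkts_per_s": 5000, "latency_ms": 40, "retransmit_ratio": 0.2},
             {"pkts_per_s": 1000, "latency_ms": 10, "retransmit_ratio": 0.05}, 0.8),
]

if __name__ == "__main__":
    observed = {"pkts_per_s": 1500, "latency_ms": 15, "retransmit_ratio": 0.05}
    print(evaluate(observed, BASELINES))
```

An empty `proximate` list is worth alerting on separately: the state is closest to some baseline but matches none of them, which is the case a nearest-baseline label alone would hide.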
FIG. 6 is a flow diagram of one embodiment of a method 600 for securing a cyber-physical system 100, as disclosed herein. Step 610 may comprise generating state keys 160, each state key 160 comprising CPKD 162 comprising and/or corresponding to the cyber-physical state of the control system 101. Step 610 may comprise generating state keys 160 having respective CPKD 162, the CPKD 162 of each state key 160 comprising a respective cyber seed (e.g., cyber state metadata 220, one or more cyber state parameters 222, one or more cyber state signatures 228, portion(s) thereof, and/or the like) and a respective physical seed (e.g., physical state metadata 240, one or more physical state parameters 242, one or more physical state signatures 248, portion(s) thereof, and/or the like). - Step 620 may comprise communicating the
state keys 160 through a cyber-physical system 100, as disclosed herein. Step 620 may comprise communicating the state keys 160 through respective cyber-physical components 102 of the cyber-physical system 100. Step 620 may comprise communicating the state keys 160 through respective CPCE 105 (and/or respective CPC paths 108), as disclosed herein. Step 620 may comprise communicating each state key 160 through one or more cyber paths 126 and one or more physical process couplings 148. Step 620 may comprise sending state keys 160 to selected correlators 166 (e.g., selected actuator devices 146), transmitting corresponding validation data 171 to selected receivers 168 (e.g., selected sensor devices 144), and returning the validation data 171 from the selected receivers 168. Step 620 may comprise selecting CPCE 105 and/or CPC paths 108 for respective state keys 160 in accordance with determined selection criteria. The selection criteria may comprise a weighted selection criterion, as disclosed herein. Step 620 may further comprise acquiring the validation data 171 corresponding to communication of respective state keys 160, as disclosed herein. - Step 630 may comprise generating
validation keys 170 corresponding to respective state keys 160. Step 630 may comprise generating validation keys 170 from and/or by use of the acquired validation data 171. Step 630 may comprise producing cyber-physical reconstructions of respective state keys 160, as disclosed herein. - Step 640 may comprise calculating
error metrics 175 for respective state keys 160. Step 640 may comprise comparing respective state keys 160 to corresponding validation keys 170 (e.g., validation keys 170 constructed from validation data 171 acquired in response to communication of the respective state keys 160). The error metrics 175 may be calculated in accordance with any suitable technique including, but not limited to: an RMS error, an edit distance, and/or the like. - Step 650 may comprise determining
cyber-physical health metadata 180 for the control system based on, inter alia, the error metrics 175 determined at step 640, as disclosed herein. Step 650 may comprise determining cyber health metadata 182, physical health metadata 184, and/or the like, as disclosed herein. Step 650 may comprise determining cyber health and/or confidence metrics pertaining to respective cyber regions of the control system 101 and/or corresponding cyber state metadata 220 (e.g., respective cyber components 120, cyber nodes 124, cyber paths 126, and/or the like). Step 650 may comprise determining physical health and/or confidence metrics pertaining to respective physical control regions of the control system 101 and/or corresponding physical state metadata 240 (e.g., respective cyber components 120, cyber nodes 124, cyber paths 126, and/or the like). Step 650 may further comprise implementing one or more mitigation operations based on the determined error metrics 175 and/or cyber-physical health metadata 180, as disclosed herein. In some embodiments, step 650 may comprise determining cyber and/or physical health metrics 282/284, as disclosed herein. Determining the cyber health metrics 282 may comprise determining and/or evaluating one or more cyber health parameters 181, such as error parameters 181A, confidence parameters 181B, state parameters 181N, and/or the like. Determining the physical health metrics 284 may comprise determining and/or evaluating one or more physical health parameters 183, such as error parameters 183A, confidence parameters 183B, state parameters 183N, and/or the like. Determining state parameters 181N of the cyber state metadata 182 (and/or cyber health metrics 282) may comprise comparing the cyber state of the control system 101 (e.g., cyber state metadata 220) to one or more CSB 552 (e.g., healthy CSB 552, unhealthy CSB 552, cyber baseline characteristics, cyber state projections, cyber state estimates, and/or the like), as disclosed herein.
Determining state parameters 183N of the physical state metadata 184 (and/or physical health metrics 284) may comprise comparing the physical state of the control system 101 (e.g., physical state metadata 240) to one or more PSB 554 (e.g., healthy PSB 554, unhealthy PSB 554, physical baseline characteristics, physical state projections, physical state estimates, and/or the like), as disclosed herein. Step 650 may further comprise implementing one or more mitigation operations in accordance with the determined error metrics 175, cyber-physical health metadata 180, cyber health metadata 182, cyber health metrics 282, physical health metadata 184, physical health metrics 284, and/or the like, as disclosed herein. -
FIG. 7A is a flow diagram of another embodiment of a method 700 for securing a cyber-physical control system 101, as disclosed herein. Step 710 may comprise generating a state key 160 comprising CPKD 162 pertaining to a cyber-physical state of the control system 101, as disclosed herein. The CPKD 162 may comprise one or more of a cyber state parameter 222, a cyber state signature 228, a physical state parameter 242, physical state signature 248, and/or the like. Step 710 may comprise generating corresponding CPKD 162 in accordance with a cyber-physical topology 115 and/or signature schema 116, as disclosed herein (e.g., cyber key data and physical key data configured to cover corresponding regions of the control system 101). - Step 720 may comprise parsing the
state key 160 into a plurality of fragments 161A-N, each fragment 161A-N comprising a respective CPKD fragment 163A-N. The CPKD fragments 163A-N may comprise: a cyber state parameter 222 and/or cyber state signature 228 (or portion thereof), and a physical state parameter 242 and/or physical state signature 248 (or portion thereof). Step 720 may comprise generating corresponding CPKD fragments 163A-N in accordance with one or more of the cyber-physical topology 115, signature schema 116, and/or key schema, as disclosed herein. - Step 730 may comprise communicating the
fragments 161A-N of the state key 160 through selected CPCE 105, which CPCE 105 may be selected in accordance with any suitable selection mechanism and/or criteria, as disclosed herein. Alternatively, or in addition, the CPCE 105 may be selected in accordance with CPKD 162 and/or CPKD fragments 163 covered thereby. Step 730 may comprise communicating each fragment 161A-N of the state key 160 through the selected CPCE 105 via a respective CPC path 108, each CPC path 108 comprising a first cyber path 126, a physical control coupling 148, and a second cyber path 126. Communicating a state key fragment 161A-N through a CPC path 108 may comprise sending the fragment 161A-N to a selected correlator 166 (e.g., a selected actuator device 146), transmitting validation data 171A-N corresponding to the fragment 161A-N by, across, and/or through a PPV 155 of the CPCE 105 (e.g., a physical process 150, physical process attribute 152), and returning the validation data 171A-N from the receiver 168, as disclosed herein. - Step 740 may comprise acquiring
validation data 171A-N corresponding to communication of the respective fragments 161A-N of the state key 160, as disclosed herein. Step 740 may further comprise determining validation CPKD fragments 173A-N and/or generating a cyber-physical reconstruction of the state key 160 (a validation key 170) by use of the determined validation CPKD fragments 173A-N. - Step 750 may comprise determining
error metrics 175 for the state key 160. Step 750 may comprise determining a key error 176 by, inter alia, comparing the state key 160 to the validation key 170 (and/or comparing respective CPKD 162 to corresponding validation CPKD 172). Step 750 may further comprise determining respective fragment errors 177A-N by, inter alia, comparing respective state key fragments 161A-N to corresponding validation data 171A-N (and/or comparing respective CPKD fragments 163A-N to corresponding validation CPKD fragments 173A-N). - Step 760 may comprise determining
cyber-physical health metadata 180 for the control system based on, inter alia, the error metrics 175 determined at step 750, as disclosed herein. Step 760 may comprise determining cyber health metrics 282, physical health metrics 284, and/or the like. Step 760 may further comprise evaluating one or more CSER and/or comparing a cyber state of the control system 101 (and/or respective regions thereof) to one or more CSB 552, as disclosed herein. Step 760 may further comprise evaluating one or more PSER and/or comparing a physical state of the control system 101 (and/or respective regions thereof) to one or more PSB 554, as disclosed herein. Step 760 may further comprise implementing one or more mitigation operations based on the determined error metrics 175, cyber-physical health metadata 180, cyber health metrics 282, and/or physical health metrics 284, as disclosed herein. -
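Steps 710 through 750 of method 700, as an added sketch that is not part of the disclosure: a state key is parsed into fragments, each fragment is sent through its own path, the returned validation data is reassembled into a validation key, and a key error and per-fragment errors are computed using the two techniques named for method 600 (RMS error for numeric parameters, edit distance for signature data). The data layout, the simulated paths, the thresholds and all values are assumptions constructed for the example.

```python
import math


def rms_error(sent, returned):
    """RMS difference between two numeric sequences."""
    if len(sent) != len(returned):
        return math.inf  # truncated or padded validation data never matches
    if not sent:
        return 0.0
    return math.sqrt(sum((s - r) ** 2 for s, r in zip(sent, returned)) / len(sent))


def edit_distance(a, b):
    """Levenshtein distance, used here for signature-style key data."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_key(cyber_sig, physical_params, n):
    """Parse a state key into n fragments, each with a cyber and a physical part."""
    def chunks(seq):
        size = math.ceil(len(seq) / n)
        return [seq[i * size:(i + 1) * size] for i in range(n)]
    return [{"cyber": c, "physical": p}
            for c, p in zip(chunks(cyber_sig), chunks(physical_params))]


def fragment_error(sent, returned):
    """Normalised edit distance on the cyber part plus RMS error on the physical part."""
    if returned is None:
        return math.inf  # fragment never came back (e.g. dropped in transit)
    cyber = edit_distance(sent["cyber"], returned["cyber"]) / max(len(sent["cyber"]), 1)
    return cyber + rms_error(sent["physical"], returned["physical"])


def join(fragments):
    """Reassemble fragments into one key (state key or validation key)."""
    return {"cyber": "".join(f["cyber"] for f in fragments),
            "physical": [x for f in fragments for x in f["physical"]]}


def evaluate_key(fragments, validation, fragment_threshold=0.5):
    """Return (key error, per-fragment errors, indexes of anomalous fragments)."""
    fragment_errors = [fragment_error(s, v) for s, v in zip(fragments, validation)]
    if any(v is None for v in validation):
        key_error = math.inf  # no complete reconstruction of the key is possible
    else:
        key_error = fragment_error(join(fragments), join(validation))
    anomalous = [i for i, e in enumerate(fragment_errors) if e > fragment_threshold]
    return key_error, fragment_errors, anomalous


# Constructed state key: a cyber state signature and six physical state parameters.
STATE_SIG = "a3f19c07e2b4"
STATE_PARAMS = [0.82, 0.80, 1.45, 1.40, 0.33, 0.30]


def nominal_path(fragment):
    # Healthy path: data survives with a small measurement offset.
    return {"cyber": fragment["cyber"],
            "physical": [x + 0.01 for x in fragment["physical"]]}


def replaying_path(fragment):
    # Path whose receiver returns stale captured data regardless of what was sent.
    return {"cyber": "0000", "physical": [1.0, 1.0]}


def dropping_path(fragment):
    return None  # validation data never returned


def run(paths):
    fragments = split_key(STATE_SIG, STATE_PARAMS, len(paths))
    validation = [path(f) for path, f in zip(paths, fragments)]
    return evaluate_key(fragments, validation)


if __name__ == "__main__":
    print(run([nominal_path, replaying_path, nominal_path]))
```

With one replaying path out of three, the whole-key error stays just under the 0.5 threshold while the error of fragment 1 is far above it, which is why the fragment errors 177A-N are tracked separately from the key error 176.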
FIG. 7B is a flow diagram of one embodiment of a method 701 for securing a cyber-physical system by communicating state keys 160 through selected regions of a cyber-physical system 100, as disclosed herein. Step 711 may comprise selecting regions to be covered by respective state keys 160. Step 711 may comprise selecting the regions based on one or more of a random selection, pseudorandom selection, a round-robin selection, an adaptive selection (to ensure adequate coverage of the control system 101), a weighted selection (to increase monitoring of vulnerable and/or sensitive portions of the control system 101), a deterministic selection (e.g., selection based on an isolation scheme, as disclosed herein), and/or the like. In some embodiments, step 711 may comprise a selection scheme configured to distribute coverage of regions of the control system 101 108 (e.g., may comprise a round-robin selection scheme). The selection scheme of step 711 may be configured to evenly distribute coverage of respective CPCE 105 and/or CPCE paths 108 of the control system 101. Alternatively, the selecting of step 711 may be configured to bias coverage of designated regions of the control system 101 (e.g., increase coverage of regions assigned higher priorities over regions assigned lower priorities). In some embodiments, the selecting of step 711 may be configured to bias selection based on characteristics of the regions (e.g., increase coverage of regions exhibiting higher error metrics 175). Step 711 may comprise implementing a weighted selection scheme (e.g., a weighted random, pseudo random, and/or round-robin selection scheme). Step 711 may comprise weighting respective regions of the control system 101, as disclosed herein.
The weighting may be based on one or more of: a priority assigned to the respective regions, error metrics 175 associated with the respective regions, an age of the error metrics 175, confidence metrics of cyber-physical state metadata 111 corresponding to the respective regions, an age of the confidence metrics, cyber-physical health metadata 180 pertaining to the respective regions, and/or the like. - Step 721 may comprise generating the
respective state keys 160. Step 721 may comprise generating the respective state keys 160 in accordance with the regions selected at step 711. Step 721 may comprise generating CPKD 162 for the respective state keys 160, such that the CPKD 162 of each state key 160 is configured to cover the selected region of the state key 160. Alternatively, step 721 may comprise generating CPKD 162 for the respective state keys 160 independently of the selection of step 711, such that the CPKD 162 of the respective state keys 160 is independent of the region of the control system 101 through which the respective state keys 160 (and/or fragments 161 thereof) are communicated. Step 721 may comprise selecting regions of the control system 101 to be covered by the CPKD 162 of the respective state keys 160 using any suitable selection criteria, as disclosed herein. - Step 731 may comprise communicating the
state keys 160 through the regions of the control system 101 selected for the state keys 160 at step 711. Communicating a state key 160 may comprise splitting the state key 160 into a plurality of fragments 161A-N, and communicating each fragment 161A-N through the selected region of the state key 160. In some embodiments, step 731 may comprise communicating each fragment 161A-N through the selected region via a respective CPE path 108. Step 731 may comprise selecting CPE paths 108 in accordance with a selection mechanism, as disclosed herein. Step 731 may comprise selecting CPE paths 108 for the fragments 161A-N to ensure coverage of the selected region (e.g., to cover different CPE paths 108 through the selected region, cover different cyber-physical components 102 of the region, cover different cyber paths 126, cover different physical control couplings 148, and/or the like). - Step 741 may comprise acquiring
validation data 171 corresponding to communication of the respective state keys 160 through the selected regions of the control system 101, and step 751 may comprise determining corresponding error metrics 175, as disclosed herein. Step 761 may comprise determining cyber-physical health metadata 180 for the control system 101 (and/or the selected regions thereof) based on, inter alia, the determined error metrics 175, as disclosed herein. Step 761 may further comprise determining cyber-physical health metadata 180 comprising: cyber health metadata 182, cyber health parameters 181, cyber health metrics 282, physical health metadata 184, physical health parameters 183, and/or physical health metrics 284, as disclosed herein. Step 761 may comprise implementing mitigation operations in accordance with the determined error metrics 175 and/or cyber-physical health metadata 180, as disclosed herein. -
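The weighted round-robin region selection of step 711, as an added sketch that is not part of the disclosure. The weight formula (priority, error metric, age of the error metric, confidence) is one assumed way to combine the listed factors, the scheduler is the smooth weighted round-robin algorithm chosen here because it is deterministic and never starves a low-weight region, and the region names and values are constructed.

```python
def region_weight(priority, error, error_age_s, confidence, refresh_s=600.0):
    """Assumed weighting: higher priority, higher error, staler readings and
    lower confidence all raise how often a region is probed with state keys."""
    staleness = 1.0 + error_age_s / refresh_s  # old error metrics need refreshing
    return priority * (1.0 + error) * (2.0 - confidence) * staleness


def schedule(weights, rounds):
    """Smooth weighted round-robin over regions.

    Each round every region's credit grows by its weight; the region with the
    most credit is selected and pays back the total weight. Selection counts
    converge to the weight ratios while selections stay interleaved.
    """
    total = sum(weights.values())
    credit = {region: 0.0 for region in weights}
    order = []
    for _ in range(rounds):
        for region, weight in weights.items():
            credit[region] += weight
        pick = max(credit, key=credit.get)  # ties go to the first region listed
        credit[pick] -= total
        order.append(pick)
    return order


# Constructed regions: (priority, error metric, age of error metric in s, confidence).
REGIONS = {
    "pump-loop": (3, 0.80, 60, 0.60),    # high priority, recently anomalous
    "valve-bank": (1, 0.05, 30, 0.95),   # healthy and freshly checked
    "hvac": (1, 0.10, 1800, 0.90),       # healthy, but metrics are 30 minutes old
}


def plan(rounds=14):
    weights = {name: region_weight(*params) for name, params in REGIONS.items()}
    order = schedule(weights, rounds)
    counts = {name: order.count(name) for name in weights}
    return weights, order, counts


if __name__ == "__main__":
    weights, order, counts = plan()
    print(weights)
    print(order)
    print(counts)
```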
FIG. 8 is a flow diagram of another embodiment of a method 800 for securing a cyber-physical system 100, as disclosed herein. Step 810 may comprise detecting an anomalous error metric 175. Step 810 may comprise detecting an error metric 175 that exceeds one or more error thresholds (e.g., a key error 176 and/or fragment errors 177A-N exceeding respective error thresholds). Step 810 may correspond to communication of a state key 160, and the detection of the anomaly may correspond to calculation of error metrics 175 of the state key 160 by, inter alia, comparing the state key 160 (and/or CPKD 162 thereof) to a cyber-physical reconstruction of the state key 160 (a corresponding validation key 170 and/or validation CPKD 172, as disclosed herein). Step 810 may further comprise updating cyber-physical health metadata 180 to, inter alia, associate the anomalous error metric with the CPCE 105 and/or CPC path 108 through which the state key 160 (and/or fragments 161 thereof) was communicated. - Step 820 may comprise adapting communication of one or more
subsequent state keys 160 to, inter alia, isolate a source of the detected anomaly. Step 820 may comprise configuring communication of the subsequent state key(s) 160 in accordance with a cyber-physical isolation scheme, as disclosed herein. Step 820 may comprise configuring the subsequent state keys 160 for communication through an overlap region, the overlap region corresponding to a region covered by the state key 160 associated with the anomalous error metric 175. Step 820 may comprise configuring the subsequent state keys 160 for communication through isolation CPC paths 108 through the overlap region that vary with respect to inclusion and/or exclusion of designated cyber-physical components 102, as disclosed herein.
- Step 830 may comprise attributing the anomaly based on, inter alia,
error metrics 175 of the subsequent state keys 160, as disclosed herein. Step 830 may comprise determining that the error metric 175 of a subsequent state key 160 is nominal and, in response, preventing the detected anomaly from being attributed to cyber-physical components 102 included in communication of the subsequent state key 160. Alternatively, or in addition, step 830 may comprise determining that the error metric 175 of a subsequent state key 160 is high and/or anomalous and, in response, attributing the detected anomaly to designated cyber-physical components 102 included in communication of the subsequent state key 160. Step 830 may comprise iteratively adapting communication of subsequent state keys 160 until a termination criterion is satisfied (e.g., a source of the detected anomaly is determined, no further refinement is possible, and/or the like, as disclosed herein). Step 830 may further comprise updating the cyber-physical health metadata 180 to, inter alia, associate the detected anomaly with the determined source(s) thereof and/or implementing one or more mitigation operations in response to detection and/or attribution of the anomaly, as disclosed herein.
- FIG. 9 is a flow diagram of another embodiment of a method 900 for securing a cyber-physical system 100, as disclosed herein. Step 910 may comprise detecting a state key 160 having a high error metric 175, as disclosed herein (e.g., a state key 160 having an error metric 175 that exceeds one or more error thresholds). Step 910 may further comprise implementing one or more mitigation operations in response to detection of the anomaly, as disclosed herein.
- Step 920 may comprise identifying potential sources of the high error metric, as disclosed herein. Step 920 may comprise identifying an error region, the error region comprising the region of the
control system 101 covered by the state key 160. The identifying may comprise identifying CPCE 105 through which the state key 160 was communicated, CPC paths 108 through which fragments 161A-N of the state key 160 were communicated, and/or the like. Step 920 may further comprise identifying an error group comprising potential sources of the anomaly. The error group may initially comprise cyber-physical components 102 within the determined error region (e.g., cyber-physical components 102 through which the state key 160 and/or fragments 161 thereof were communicated). Step 920 may further comprise assigning an initial anomaly weight to each of the identified cyber-physical components 102, as disclosed herein.
- Step 930 may comprise adapting communication of a
subsequent state key 160 to include one or more of the potential source(s) and exclude one or more of the potential source(s), as disclosed herein. Step 930 may comprise configuring the subsequent state key 160 to overlap with the error region (e.g., configure the subsequent state key 160 for communication through a group of CPCE 105 that include one or more of the identified CPCE 105 and/or exclude one or more of the identified CPCE 105). Step 930 may comprise configuring the subsequent state key 160 such that fragments 161A-N thereof are communicated through respective isolation CPC paths 108 that vary from the identified CPC paths 108 by, inter alia, excluding one or more of the identified potential sources (e.g., including/excluding one or more of the identified cyber-physical components 102, as disclosed herein).
- Step 940 may comprise determining whether the
error metric 175 of the subsequent state key 160 was reduced relative to the high error metric 175 (e.g., whether the error metric 175 is indicative of nominal operation). If the error metric 175 has been reduced, the flow may continue at step 950; otherwise, the flow may continue at step 960.
- Step 950 may comprise removing the potential source(s) included in communication of the
subsequent state key 160 as potential sources of the high error metric 175 (e.g., removing corresponding cyber-physical components 102 from the error group and/or error region). Step 950 may further comprise retaining potential source(s) excluded from the subsequent state key 160 as potential sources of the high error metric 175 (e.g., retaining the corresponding cyber-physical components 102 in the error group and/or error region). Alternatively, or in addition, step 950 may comprise decreasing an anomaly weight of respective cyber-physical components 102 covered by the subsequent state key 160, as disclosed herein.
- Step 960 may comprise retaining the included potential sources, as disclosed herein (e.g., retaining the corresponding
cyber-physical component 102 in the error group and/or error region). Alternatively, or in addition, step 960 may comprise increasing an anomaly weight of respective cyber-physical components 102 covered by the subsequent state key 160, as disclosed herein.
- Step 970 may comprise determining whether to continue refining the potential sources of the
high error metric 175. Step 970 may comprise determining: whether the source of the high error metric has been identified (e.g., whether the potential sources have been refined to a threshold number of cyber-physical components 102, a sufficiently narrow region of the control system 101, and/or the like), whether further refinement of the potential sources is possible (e.g., based on the cyber-physical topology 115 of the control system 101), and/or whether another termination criterion has been satisfied (e.g., whether a threshold number of iterations have been completed). Step 970 may further comprise updating cyber-physical health metadata 180 to indicate potential sources of the anomaly and/or indicate an anomaly weight assigned to respective cyber-physical components 102, as disclosed herein. Step 970 may comprise implementing one or more mitigation operations in response to determination of the source of the anomaly (and/or refinement of the potential sources thereof), as disclosed herein. If the determination at step 970 is to continue, the flow may continue at step 930, where another subsequent state key 160 may be adapted to include and/or exclude remaining potential sources of the high error metric 175, as disclosed herein.
- FIG. 10 is a flow diagram of another embodiment of a method 1000 for securing a cyber-physical system 100, as disclosed herein. Step 1010 may comprise detecting a state key anomaly (e.g., a state key 160 having an anomalous error metric 175, as disclosed herein). Step 1010 may further comprise implementing one or more mitigation operations in response to detection of the anomaly, as disclosed herein. Step 1020 may comprise determining an error region, which may comprise and/or correspond to a region covered by the state key 160 having the anomalous error metric 175. Step 1020 may further comprise assigning an initial anomaly weight to each cyber-physical component 102 within the determined error region, as disclosed herein. Step 1030 may comprise configuring an overlapping state key 160, which may comprise configuring the state key 160 to cover a region that overlaps with the error region, as disclosed herein. Step 1030 may comprise communicating the overlapping state key 160 through a region of the control system 101 that corresponds to and/or overlaps the error region. The error region may comprise and/or correspond to one or more CPCE 105, and step 1030 may comprise communicating the overlapping state key 160 through at least one of the one or more CPCE 105. Step 1030 may further comprise communicating fragments 161 of the overlapping state key 160 through one or more isolation CPC paths 108, as disclosed herein.
- Step 1040 may comprise determining whether an error metric 175 of the overlapping state key 160 is nominal (e.g., is lower than the anomalous error metric 175). If the error metric 175 is nominal, the flow may continue at step 1050; otherwise, the flow may continue at step 1060. Step 1050 may comprise decreasing anomaly weights of respective cyber-physical components 102 covered by the overlapping state key 160 and/or CPC paths 108 through which fragments 161 of the overlapping state key 160 were communicated, as disclosed herein. Step 1060 may comprise increasing anomaly weights of respective cyber-physical components 102 covered by the overlapping state key 160 and/or CPC paths 108 through which fragments 161 of the overlapping state key 160 were communicated, as disclosed herein.
- Step 1070 may comprise determining whether to continue iteratively refining the anomaly weights assigned to the respective cyber-physical components 102 of the error region, as disclosed herein. Step 1070 may comprise determining whether the anomaly weights have converged, the distribution of the anomaly weights sufficiently distinguishes the cause of the anomaly, no further refinement is possible, and/or other termination criteria.
-
FIG. 11 is a flow diagram of one embodiment of a method 1100 for characterizing a cyber-physical health of a selected region of a cyber-physical system, as disclosed herein. Step 1100 may comprise selecting a region of the control system 101 to characterize. Step 1110 may comprise detecting a state key 160 having a high and/or anomalous error metric 175, as disclosed herein. Alternatively, Step 1100 may comprise selecting the region based on a selection criterion, such as a weighted selection criterion, as disclosed herein. The selected region may comprise and/or correspond to one or more CPCE 105 of the control system 101. In some embodiments, step 1110 may further comprise assigning initial error weights to respective cyber-physical components 102, cyber regions, and/or physical control regions, of the selected region, as disclosed herein.
- Step 1120 may comprise communicating overlapping state keys 160 through the selected region (e.g., state keys 160 that overlap with respect to the selected region, as disclosed herein). Step 1120 may comprise communicating the overlapping state keys 160 in accordance with a cyber-physical isolation scheme, as disclosed herein. Communicating the overlapping state keys 160 may comprise communicating respective fragments 161 of the overlapping state keys 160 through respective isolation CPC paths 108, which may be configured to differ with respect to inclusion and/or exclusion of respective portions of the selected region (e.g., differ with respect to inclusion and/or exclusion of one or more cyber-physical components 102).
- Step 1130 may comprise determining whether error metrics 175 of respective overlapping state keys 160 differ by more than a threshold. In response to determining that error metrics 175 of the overlapping state keys 160 have an error differential (ΔE) that exceeds a threshold, the flow may continue at step 1140; otherwise, the flow may continue at step 1150. Step 1140 may comprise associating the error differential ΔE with isolated portions of the high-error state keys 160. The high-error state keys 160 may comprise state keys 160 of the overlapping state keys 160 having error metrics 175 that exceed the error metrics 175 of other, low-error state keys 160 of the overlapping state keys 160. The isolated portion of a high-error state key 160 may comprise a portion, section, and/or sub-region of the selected region that is covered by the high-error state key 160 and is not covered by the low-error state keys 160. The isolated portion may comprise cyber-physical components 102 that: a) were included in the isolation CPC paths 108 through which fragments 161 of the high-error state keys 160 were communicated, and b) were excluded from the isolation CPC paths 108 through which fragments 161 of the low-error state keys 160 were communicated. Step 1140 may comprise attributing the error differential (ΔE), and/or a portion thereof, to the isolated portions of the high-error state keys 160. In some embodiments, step 1140 may comprise increasing error weights of respective cyber-physical components 102, cyber regions, and/or physical control regions, of the isolated portions of the high-error state keys 160, as disclosed herein. In some embodiments, step 1140 may further comprise disassociating isolated portions of the low-error state keys 160 with the error differential, which may comprise decreasing error weights of respective cyber-physical components 102, cyber regions, and/or physical control regions, of the isolated portions of the low-error state keys 160, as disclosed herein.
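The include/exclude refinement loop of FIGS. 9 and 10 (error group, anomaly weights, and the three termination criteria of step 970) can be sketched as follows. This is an added example, not code from the patent: the component names, the path table, the threshold, the weight step and the simulated plant are constructed assumptions, and the "prefer an even split" path choice is one possible selection rule.

```python
"""Added example: iterative anomaly isolation with overlapping probe paths.

Constructed model, not the patent's implementation. Component names, paths,
the error threshold and the weight step are illustrative assumptions.
"""
from dataclasses import dataclass


@dataclass
class IsolationResult:
    error_group: set   # components still treated as potential sources
    weights: dict      # anomaly weight per component of the error region
    probes: list       # (path name, error metric, nominal?) per iteration
    reason: str        # termination criterion that ended the loop


def pick_isolation_path(paths, error_group, used):
    """Pick an unused path that includes some suspects and excludes others.

    A path covering none or all of the suspects cannot tell them apart.
    Among the usable paths, prefer the most even include/exclude split.
    """
    best, best_score = None, None
    for name, components in paths.items():
        if name in used:
            continue
        inside = len(components & error_group)
        if inside == 0 or inside == len(error_group):
            continue
        score = abs(2 * inside - len(error_group))
        if best is None or score < best_score:
            best, best_score = name, score
    return best


def isolate(error_region, paths, send_state_key, threshold,
            target_size=1, max_iters=16, step=1.0):
    error_group = set(error_region)              # step 920: initial error group
    weights = {c: 1.0 for c in error_group}      # initial anomaly weights
    used, probes = set(), []
    while True:                                  # step 970 checks come first
        if len(error_group) <= target_size:
            reason = "source identified"
            break
        if len(probes) >= max_iters:
            reason = "iteration limit"
            break
        name = pick_isolation_path(paths, error_group, used)
        if name is None:                         # topology offers no new split
            reason = "no further refinement possible"
            break
        used.add(name)
        error = send_state_key(paths[name])      # step 930: subsequent state key
        nominal = error <= threshold             # step 940
        probes.append((name, error, nominal))
        covered = paths[name] & error_group
        for c in covered:
            if nominal:                          # step 950: lower weight
                weights[c] = max(0.0, weights[c] - step)
            else:                                # step 960: raise weight
                weights[c] += step
        if nominal:
            error_group -= covered               # included sources are cleared
    return IsolationResult(error_group, weights, probes, reason)


def simulated_plant(anomalous, baseline=0.02, injected=0.40):
    """Constructed stand-in for the control system: returns an error metric
    that is elevated whenever the probe path crosses an anomalous component."""
    def send_state_key(path_components):
        return baseline + (injected if path_components & anomalous else 0.0)
    return send_state_key


# Constructed error region and isolation paths (hypothetical names).
REGION = {"sw1", "sw2", "plc1", "plc2", "sensorA", "actuatorB"}
PATHS = {
    "p1": {"sw1", "plc1", "sensorA"},
    "p2": {"sw2", "plc2", "actuatorB"},
    "p3": {"sw1", "plc2", "sensorA"},
    "p4": {"sw2", "plc1", "actuatorB"},
}


def demo():
    return isolate(REGION, PATHS, simulated_plant({"plc1"}), threshold=0.10)


if __name__ == "__main__":
    result = demo()
    for name, error, nominal in result.probes:
        print(f"{name}: error={error:.2f} nominal={nominal}")
    print(result.reason, sorted(result.error_group))
```

When the available paths cannot separate the remaining suspects, the loop stops with the error group intact and the anomaly weights are the only ranking the analyst has.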
- As disclosed above, the RS agent 110 may be configured to determine error associated with the communication of state keys 160 through respective CPCE 105 of the control system 101 (and/or respective cyber-physical components 102, CPCE sections 109, and/or the like). The state keys 160 may comprise CPKD 162, which may be configured to characterize the acquired cyber-physical state of the control system 101 (e.g., may comprise and/or be derived from the cyber-physical state metadata 111). In some embodiments, the RS agent 110 may be configured to acquire cyber-physical state information pertaining to the control system 101. The RS agent 110 may be configured to acquire the cyber-physical state information in conjunction with the communication of state keys 160 through selected regions of the control system 101. The RS agent 110 may be configured to acquire cyber-physical state information from the same and/or similar region as the regions through which the state keys 160 are communicated (and/or corresponding cyber-physical reconstruction data are returned). The error metrics 175 associated with the state keys 160 may, therefore, indicate a likelihood that cyber-physical state information acquired in conjunction with communication of the state keys 160 accurately reflects the cyber-physical state of the control system 101.
- FIG. 12A is a schematic block diagram of another embodiment of cyber-physical system 100 comprising an RS agent 110, as disclosed herein. The RS agent 110 may comprise a security engine 1210, key generator 1212, communication manager 1216, and cyber-physical error monitor (error monitor 1218), which may be configured to, inter alia, communicate state keys 160 through the control system 101, determine error metrics 175 corresponding to communication of the state keys 160 (and/or respective fragments 161A-N thereof), and/or determine cyber-physical health metadata 180 for the control system 101 based on, inter alia, the determined error metrics 175. The RS agent 110 may further comprise an acquisition engine 1206 and state engine 1290, which may be configured to, inter alia, acquire the cyber-physical state 1201 of the control system 101 and/or respective regions thereof (denoted as cyber-physical state 1201 in FIG. 12A). The RS agent 110 may comprise, be embodied by, and/or be coupled to computing resources 201, which may include, but are not limited to: processing resources 202, storage resources 204, cyber communication resources 206, and/or the like, as disclosed herein. Portions of the RS agent 110 (e.g., one or more of 1206, 1210, 1212, 1216, 1218, and/or 1219, and/or portion(s) thereof) may be embodied by the computing resources 201 (e.g., may comprise and/or be embodied by hardware components of the computing resources 201, such as one or more processors, programmable logic, and/or the like). Alternatively, or in addition, one or more of 1206, 1210, 1212, 1216, 1218, and/or 1219 may be embodied as computer-readable instructions 205 stored within the non-transitory storage resources 206, as disclosed herein.
- The
security engine 1210 may be configured to implement a security policy 211, as disclosed herein, which may comprise and/or correspond to a coverage schema 511. The coverage schema 511 may comprise a scheme for the generation and/or communication of state keys 160 (and/or respective fragments 161A-N thereof), as disclosed herein. The security engine 1210 may be further configured to implement mitigation operations based on and/or in response to error metrics 175 and/or the determined cyber-physical health metadata 180, as disclosed herein.
- The
key generator 1212 may be configured to generate state keys 160 comprising respective CPKD 162 and/or split the state keys 160 into respective fragments 161A-N, each fragment 161A-N comprising a respective CPKD fragment 163A-N, as disclosed herein. The communication manager 1216 may be configured to communicate fragments 161A-N of the state keys 160 through respective CPC paths 108 of the control system 101, and acquire validation data 171A-N in response to communication of the fragments 161A-N, as disclosed herein. The error monitor 1218 may be configured to monitor error introduced during communication of state keys 160 (and/or state key fragments 161A-N) through CPE paths 108 of the control system 101, which may comprise generating cyber-physical reconstructions of the state keys 160 (validation keys 170) by use of the acquired validation data 171A-N, and/or comparing the state keys 160 to corresponding validation keys 170, as disclosed herein. Generating the validation keys 170 may comprise reconstructing validation CPKD fragments 173A-N from acquired validation data 171A-N and/or reconstructing validation CPKD 172 for respective state keys 160 by use of the validation CPKD fragments 173A-N, as disclosed herein.
- In the
FIG. 12A embodiment, the RS agent 110 may further comprise an acquisition engine 1206, which may be configured to acquire cyber-physical state data 1207 corresponding to the cyber-physical state metadata 111, which, as disclosed herein, may be configured to comprise, define, and/or characterize the cyber-physical state of the control system 101 and/or respective regions thereof. The acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 pertaining to: cyber state metadata 220, one or more cyber state parameters 222, one or more cyber state signatures 228, physical state metadata 240, one or more physical state parameters 242, one or more physical state signatures 248, portion(s) thereof and/or the like. The acquisition engine 1206 may be configured to acquire cyber-physical state information pertaining to respective: cyber-physical components 102, CPCE 105, CPE paths 108, CPE sections 109, cyber components 120, the CS network 122 (and/or portions thereof), cyber nodes 124, cyber paths 126, cyber sections 129, computational components 130, physical components 140 (e.g., sensor devices 144, actuator devices 146, and/or the like), PPV 155 (e.g., physical processes 150, physical process attributes 152, and/or the like), physical control couplings 148, physical control sections 149, and/or the like.
The acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 using any suitable means, mechanism and/or technique, as disclosed herein, which may include, but is not limited to: requesting cyber-physical state information (e.g., sending requests for cyber-physical state information through the CS network 122), capturing messages comprising cyber-physical state information, capturing control messages communicated between respective computational components 130 and physical components 140 (e.g., messages between a controller 132 and one or more sensor and/or actuator devices 144/146), capturing messages on the CS network 122, inspecting messages being communicated on the CS network 122 (e.g., deep packet inspection), extracting cyber-physical state information messages on the CS network 122, acquiring cyber-physical state information from message(s) comprising validation data 171 returned in response to communication of respective state keys 160 and/or state key fragments 161, and/or the like.
- The
acquisition engine 1206 may be configured to acquire cyber-physical state information from the control system 101 (and/or respective regions thereof) in accordance with the coverage schema 511, as disclosed herein. The coverage schema 511 may comprise any suitable information pertaining to the acquisition of cyber-physical state data 1207 including, but not limited to: an acquisition frequency (e.g., may specify the frequency at which the acquisition engine 1206 is configured to acquire cyber-physical state data 1207 pertaining to respective regions of the control system 101), an acquisition period (e.g., may specify a period at which the acquisition engine 1206 is configured to acquire cyber-physical state data 1207 pertaining to respective regions of the control system 101), a monitoring frequency, a monitoring period, a continuous acquisition scheme, a continuous monitoring scheme, a discrete acquisition scheme, a discrete monitoring scheme, a staged monitoring scheme, a staged acquisition scheme, and/or the like. The acquisition engine 1206 may acquire cyber-physical state data 1207 configured to characterize the cyber-physical state 1201 of the control system 101 at designated acquisition times α (the acquisition times α corresponding to an acquisition frequency, period, continuous acquisition, staged acquisition, and/or the like). As disclosed above, the acquisition engine 1206 may be configured to acquire the cyber-physical state data 1207 by a plurality of different means and/or from a plurality of different sources (e.g., different cyber-physical components 102).
Acquiring cyber-physical state data 1207 corresponding to a designated acquisition time α may, therefore, comprise acquiring a plurality of cyber-physical state (CPS) datasets 1209, each CPS dataset 1209 corresponding to the same (or similar) acquisition time α, and comprising cyber and/or physical state data 1207 captured by respective means and/or acquired from a respective source (e.g., respective cyber-physical components 102). Acquiring cyber-physical state information 1201 corresponding to an acquisition time α may comprise generating, requesting, and/or receiving a plurality of CPS datasets 1209, and associating the CPS datasets 1209 with the acquisition time α. The associating may comprise synchronizing the CPS datasets 1209 in accordance with, inter alia, acquisition latencies of the CPS datasets 1209. As used herein, the acquisition latency (LACQ) of a CPS dataset 1209 refers to a latency between the time at which the acquisition engine 1206 attempts and/or expects to acquire the CPS dataset 1209 and the time at which the particular CPS dataset 1209 is received, captured, extracted, and/or otherwise acquired by the acquisition engine 1206. The acquisition latency (LACQ) of a CPS dataset 1209 may comprise a latency for: communication of a request to a source of the CPS dataset 1209 (a particular cyber-physical component 102), acquisition of the CPS dataset 1209 at the source, communication of the CPS dataset 1209 back to the acquisition engine 1206, acquisition of the CPS dataset 1209 by the acquisition engine (e.g., latency for monitoring, capturing, inspecting, extracting, and/or otherwise acquiring the CPS dataset 1209 at the RS agent 110), and/or the like. The synchronizing may comprise correlating the acquisition time α (a timestamp and/or other identifying information) with received CPS datasets 1209 (e.g., timestamps and/or other identifying information of the CPS datasets 1209).
The acquisition engine 1206 may be configured to evaluate acquisition latencies of the CPS datasets 1209, and may reject CPS datasets 1209 having acquisition latencies that exceed one or more latency thresholds (e.g., reject CPS datasets 1209 where LACQ > ΔAT, where ΔAT is an acquisition latency threshold).
- The
acquisition engine 1206 may be further configured to synchronize cyber and/or physical state information of the CPS datasets 1209. The synchronizing may comprise mitigating state synchronization deviation between the CPS datasets 1209. As used herein, "state jitter" or "state synchronization deviation" (SDEV) refers to differences between the target acquisition time for cyber-physical state data 1207 (e.g., α) and acquisition times of respective CPS datasets 1209 (e.g., αCPS − α = SDEV, where αCPS is the acquisition time of the CPS dataset 1209 and SDEV is a deviation between αCPS and the target acquisition time α). The acquisition engine 1206 may be configured to synchronize cyber-physical state information of the CPS datasets 1209, such that the cyber-physical state information of the CPS datasets 1209 corresponds to a same (and/or substantially same) acquisition time (e.g., acquisition time α). In some embodiments, the CPS datasets 1209 may comprise timestamps and/or other synchronization information indicating acquisition times for the cyber and/or physical state information thereof. Alternatively, or in addition, the acquisition engine 1206 may determine the CPS acquisition time (αCPS) of respective CPS datasets 1209 by, inter alia, inspecting cyber-physical state information of the CPS datasets 1209, evaluating timestamps associated with the cyber-physical state information, accessing synchronization information of the CPS datasets 1209 (e.g., accessing timestamps associated with sensor, actuator, and/or control data of the CPS dataset 1209), and/or the like. In some embodiments, the acquisition engine 1206 may be configured to estimate the CPS acquisition time (αCPS) of a CPS dataset 1209 based on a latency involved in requesting, capturing, extracting, and/or otherwise acquiring the CPS dataset 1209.
The CPS acquisition time (αCPS) of a CPS dataset 1209 may correspond to a latency involved in requesting the CPS dataset 1209 (e.g., latency for communication of a request to a cyber-physical component 102 (LREQ), such that the cyber and/or physical state information returned therefrom corresponds to α + LREQ rather than α). The LREQ for respective sources of CPS datasets 1209 may be defined by, inter alia, cyber state metadata 220 pertaining to cyber paths 126 and/or cyber nodes 124 therebetween coupling the RS agent 110 to the respective sources. In another embodiment, the acquisition engine 1206 may determine the CPS acquisition time (αCPS) for a CPS dataset 1209 received from a cyber-physical component 102 configured to send cyber-physical state information to the RS agent 110 in accordance with a particular monitoring scheme. The acquisition engine 1206 may determine the CPS acquisition time (αCPS) in accordance with the monitoring scheme (e.g., based on the frequency and/or period thereof); the SDEV may correspond to a difference and/or offset between the acquisition times α (e.g., acquisition frequency and/or period), and the monitoring scheme of the source of the CPS dataset 1209 (e.g., αCPS = α ± OMON and/or SDEV = OMON, where OMON is an offset and/or difference between the monitoring scheme of the source of the CPS dataset 1209 and the target acquisition time α). In other embodiments, the CPS acquisition time (αCPS) of a CPS dataset 1209 may correspond to latency involved in the acquisition engine 1206 generating the CPS dataset 1209 (capturing, inspecting, extracting, and/or otherwise acquiring cyber-physical state information of the CPS dataset 1209 from, e.g., messages communicated between cyber-physical components 102 of the control system 101, as disclosed herein), such that αCPS = α + LGEN, and/or SDEV = LGEN, where LGEN is a latency involved in the acquisition engine 1206 generating the CPS dataset 1209.
- In some embodiments, the
acquisition engine 1206 may be configured to modify the cyber-physical state information of one ormore CPS datasets 1209 in accordance with the determined CPS acquisition times (αCPS), latencies, and/or state deviations SDEV thereof. Theacquisition engine 1206 may be configured to ignore SDEV that are unlikely to adversely affect the accuracy of the cyber-physical state metadata 111 (e.g., may ignore SDEV lower than a state deviation threshold). In some embodiments, theacquisition engine 1206 may be configured to mitigate state deviations (SDEV), which may comprise modifying the cyber-physical state information having state deviations SDEV that exceed one or more thresholds. The modifying may comprise estimating, extrapolating, calculating, and/or otherwise determining cyber-physical state information corresponding to the target acquisition time α based on the cyber-physical state information acquired at αCPS, where αCPS−α=SDEV. Theacquisition engine 1206 may be configured to modify the cyber-physical state information in accordance with a model, such as a process model, observer model, Kalman filter, and/or the like, as disclosed in further detail herein. Alternatively, or in addition, theacquisition engine 1206 may be configured to adapt acquisition of therespective CPS datasets 1209 to, inter alia, reduce the SDEV thereof (and/or reduce differences in CPS acquisition times (αCPS) therebetween). 
The acquisition engine 1206 may be configured to schedule acquisition of respective CPS datasets 1209 based on the SDEV thereof, which may comprise scheduling communication of requests for one or more CPS datasets 1209 (e.g., scheduling the requests in accordance with request latencies LREQ of respective sources of cyber-physical state information of the one or more CPS datasets 1209), configuring respective sources to acquire and/or communicate cyber-physical state information in accordance with target acquisition times α (e.g., synchronizing monitoring schemes of one or more cyber-physical components 102 with target acquisition times α), scheduling operations to generate one or more CPS datasets 1209 (e.g., scheduling the operations based on latencies LGEN for the acquisition engine 1206 to generate cyber-physical state information of the one or more CPS datasets 1209), and/or the like. Acquiring cyber-physical state data 1207 configured to characterize the cyber-physical state of the control system 101 at a target acquisition time α may comprise the acquisition engine 1206 sending requests for respective cyber-physical state information prior to the acquisition time α (e.g., sending a request for a CPS dataset 1209 at α−LREQ, where LREQ is the request latency of the source of the cyber-physical state information of the CPS dataset 1209). The acquisition engine 1206 may be further configured to schedule operations to generate cyber-physical state information prior to the acquisition time α (e.g., schedule operations to monitor, capture, inspect, and/or extract cyber-physical state information from messages on the CS network 122 at α−LGEN, where LGEN is the latency for generation of the cyber-physical state information by the acquisition engine 1206).
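The acquisition timing described above can be sketched as follows. This is an added example, not code from the patent: the `Source` fields, the sample sources and the constant-rate extrapolation (standing in for the process model, observer model or Kalman filter the text mentions) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Source:
    """One source of a CPS dataset (field names are illustrative)."""
    name: str
    mode: str             # "request", "generate" or "monitor"
    latency: float = 0.0  # L_REQ or L_GEN in seconds
    period: float = 0.0   # monitoring period in seconds ("monitor" only)
    phase: float = 0.0    # time of one known report ("monitor" only)


def dispatch_time(src: Source, alpha: float) -> Optional[float]:
    """When to send the request / start generation: alpha - L."""
    if src.mode in ("request", "generate"):
        return alpha - src.latency
    return None  # a monitored source reports on its own schedule


def acquisition_time(src: Source, alpha: float,
                     started_at: Optional[float] = None) -> float:
    """alpha_CPS: the time the acquired state actually corresponds to."""
    if src.mode in ("request", "generate"):
        start = alpha if started_at is None else started_at
        return start + src.latency
    # Monitored source: nearest scheduled report to alpha (alpha +/- O_MON).
    k = round((alpha - src.phase) / src.period)
    return src.phase + k * src.period


def state_deviation(src: Source, alpha: float,
                    started_at: Optional[float] = None) -> float:
    """SDEV = alpha_CPS - alpha."""
    return acquisition_time(src, alpha, started_at) - alpha


def mitigate(value: float, rate: float, sdev: float,
             threshold: float) -> Tuple[float, bool]:
    """Ignore SDEV at or below the threshold; otherwise estimate the value
    at alpha with a constant-rate model (assumed, simplest possible)."""
    if abs(sdev) <= threshold:
        return value, False
    return value - rate * sdev, True


Reading = Tuple[Source, Optional[float], float, float]


def synchronize(readings: List[Reading], alpha: float,
                threshold: float) -> Dict[str, Tuple[float, float, bool]]:
    """Map each source to (value at alpha, SDEV, was_corrected)."""
    out = {}
    for src, started_at, value, rate in readings:
        sdev = state_deviation(src, alpha, started_at)
        estimate, corrected = mitigate(value, rate, sdev, threshold)
        out[src.name] = (estimate, sdev, corrected)
    return out


# Constructed sample sources and readings (not from the patent).
ALPHA = 100.0
PLC = Source("plc-1", "request", latency=0.25)
TAP = Source("net-tap", "generate", latency=0.0625)
FLOW = Source("flow-sensor", "monitor", period=2.0, phase=0.5)


def demo() -> Dict[str, Tuple[float, float, bool]]:
    readings = [
        (PLC, dispatch_time(PLC, ALPHA), 7.0, 1.0),  # sent at alpha - L_REQ
        (TAP, None, 3.0, 4.0),    # started at alpha, so SDEV = L_GEN
        (FLOW, None, 40.0, 2.0),  # pushed by the source at t = 100.5
    ]
    return synchronize(readings, ALPHA, threshold=0.125)


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The request sent early has no deviation, the small generation latency is ignored, and only the monitored source, whose report lands 0.5 s after α, is corrected.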
Although particular examples of means for synchronizing acquired cyber-physical state data 1207 (and/or respective CPS datasets 1209) are described herein, the disclosure is not limited in this regard, and could be adapted to use any suitable synchronization technique.

The
acquisition engine 1206 may be further configured to derive acquired cyber-physical state metadata 1211 from the acquired cyber-physical state data 1207. The acquisition engine 1206 may be configured to derive: acquired cyber state metadata 1211 corresponding to the cyber state metadata 220 (and/or respective portions thereof), acquired cyber state parameters 1222 corresponding to one or more cyber state parameters 222, acquired cyber state signatures 1228 corresponding to one or more cyber state signatures 228 (and/or portions thereof), acquired physical state metadata 1240 corresponding to the physical state metadata 240 (and/or respective portions thereof), acquired physical state parameters 1242 corresponding to one or more physical state parameters 242, acquired cyber state signatures 1248 corresponding to one or more physical state signatures (and/or portions thereof), and so on. The deriving may include, but is not limited to: extracting features from the acquired cyber-physical state data 1207, performing calculations on the acquired cyber-physical state data 1207 (e.g., calculating statistical characteristics of cyber communication at particular cyber nodes 124, as disclosed herein), extrapolating acquired cyber state parameters 1222 and/or physical state parameters 1242 from the acquired cyber-physical state data 1207, estimating acquired cyber state parameters 1222 and/or physical state parameters 1242 from the acquired cyber-physical state data 1207, predicting acquired cyber state parameters 1222 and/or physical state parameters 1242 from the acquired cyber-physical state data 1207, and/or the like. The deriving may further comprise calculating one or more CPSS 118 signatures characterizing the acquired cyber-physical state metadata 1211, which may include acquired cyber state signatures 1228, acquired physical state signatures 1248, and/or the like.
The acquisition engine 1206 may be configured to generate the signatures 1228 and/or 1248 in accordance with the signature schema 116, as disclosed herein.

The
RS agent 110 may further comprise a state engine 1290, which may be configured to incorporate the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111. In some embodiments, incorporating the acquired cyber-physical state metadata 1211 may comprise importing the acquired cyber-physical state metadata 1211 into the cyber-physical metadata 111. The importing may comprise replacing existing cyber-physical state metadata 111 (if any) with the acquired cyber-physical state metadata 1211. Alternatively, or in addition, the importing may comprise retaining cyber-physical state metadata 111 configured to characterize the cyber-physical state of the control system 101 at one or more previous acquisition times, as disclosed in further detail herein. The state engine 1290 may be further configured to update the cyber-physical state metadata 111 with acquisition information (e.g., associate the cyber-physical state metadata 111 with the acquisition time(s) thereof, as disclosed herein).

In some embodiments, the
acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 (and/or CPS datasets 1209) in conjunction with communication of state keys 160 by the communication manager 1216. As disclosed above, the RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101. The region of the control system 101 covered by a state key 160 may, therefore, refer to the region of the control system 101 through which the state key 160 is to be communicated. The acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 from regions of the control system 101 covered by respective state keys 160. The acquisition engine 1206 may be configured to acquire the cyber-physical state data 1207 during communication of the respective state keys 160 (e.g., concurrently with communication of the state keys 160). Communication of a state key 160 through a selected region of the control system 101 may trigger acquisition of cyber-physical state information pertaining to the selected region by the acquisition engine 1206 (e.g., the time at which the state key 160 is communicated may comprise and/or correspond to the target acquisition time α of the acquisition engine 1206). In response to communication of a state key 160, the acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 pertaining to, inter alia, cyber-physical components 102 within the region covered by the state key 160. Error metrics 175 of the respective state keys 160 may, therefore, accurately indicate the likelihood of error in the corresponding acquired cyber-physical state data 1207 (and/or the acquired cyber-physical state metadata 1211 derived therefrom).

In some embodiments, the
acquisition engine 1206 may be further configured to acquire cyber-physical state data 1207 (and/or respective CPS datasets 1209) in conjunction with communication of state key fragments 161. As disclosed above, communicating a state key 160 through a selected region of the control system 101 may comprise communicating fragments 161A-N of the state key 160 through CPC paths 108 of the selected region. Communicating a state key fragment 161 through a CPC path 108 of a CPCE 105 may comprise: sending the fragment 161 through a first cyber path 126 (to a correlator 166, such as an actuator device 146, controller 132, and/or the like), communicating corresponding validation data 171 to a receiver 168 (e.g., a sensor device 144, controller 132, and/or the like) by a physical control coupling 148 that comprises and/or corresponds to a PPV 155 of the CPCE 105, and returning the validation data 171 through a second cyber path 126. Acquiring cyber-physical state data 1207 in conjunction with communication of a state key fragment 161 through a CPC path 108 may comprise acquiring cyber-physical state data 1207 pertaining to the CPE path 108 (e.g., acquiring CPS datasets 1209 pertaining to cyber-physical components 102 of the CPE path 108). In some embodiments, acquiring cyber-physical state data 1207 corresponding to a state key 160 may comprise acquiring a plurality of regional cyber-physical state (RCPS) datasets 1217A-N, the RCPS datasets 1217A-N comprising cyber and/or physical state data 1207 corresponding to communication of a respective fragment 161A-N of the state key 160 through a respective CPC path 108. The RCPS dataset 1217 corresponding to communication of a state key fragment 161 may include, but is not limited to cyber-physical state information pertaining to: cyber-physical components 102 of the CPE path 108, one or more cyber paths 126, one or more physical control couplings 148, one or more PPV 155, and/or the like.
Acquiring an RCPS dataset 1217 may comprise acquiring one or more CPS datasets 1209 corresponding to a target acquisition time α, as disclosed herein. In some embodiments, the CPE paths 108 through which respective state key fragments 161A-N are communicated may overlap (may have one or more cyber-physical components 102 in common). The acquisition engine 1206 may be configured to adapt acquisition of the RCPS data 1217A-N to prevent redundant acquisition (e.g., prevent acquisition of same cyber-physical state data 1207 in conjunction with communication of different fragments 161A-N of same state keys 160). The acquisition engine 1206 may be further configured to derive acquired cyber-physical state metadata 1211 from the RCPS data 1217A-N, which may be incorporated into the cyber-physical state metadata 111, as disclosed herein.

The
security engine 1210 may be configured to, inter alia, determine error metrics 175 in response to communication of respective state keys 160, which may comprise determining key errors 176 quantifying differences between state keys 160 and corresponding cyber-physical reconstructions thereof (validation keys 170) and/or fragment errors 177A-N quantifying differences between fragments 161A-N of the respective state keys 160 and corresponding cyber-physical reproductions thereof (respective validation data 171A-N). The security engine 1210 may be further configured to determine cyber-physical health metadata 180 pertaining to the control system 101 based on, inter alia, the determined error metrics 175.

As disclosed above, the
acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 in conjunction with communication of respective state keys 160 (and/or fragments 161 thereof). The acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 configured to cover the same and/or similar regions as the respective state keys 160. The error metrics 175 determined in response to communication of the respective state keys 160 may, therefore, indicate whether the corresponding acquired cyber-physical state metadata 1211 comprises an accurate characterization of the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof).

The
security engine 1210 may be configured to determine CPSC metrics 575, which may be configured to quantify a confidence in the cyber-physical state metadata 111 (and/or respective portions thereof), as disclosed herein. In the FIG. 12A embodiment, the security engine 1210 may be further configured to determine CPSC metrics 575 pertaining to the acquired cyber-physical state metadata 1211. The CPSC metrics 575 may be based on, inter alia, error metrics 175 of the state keys 160 corresponding to the acquired cyber-physical state metadata 1211. The CPSC metrics 575 may comprise an acquisition confidence 1276, which may quantify a confidence that the acquired cyber-physical state metadata 1211 accurately represents the cyber-physical state 1201 of the control system 101 (and/or regions of the control system 101 covered by the state keys 160 associated therewith). The acquisition confidence 1276 determined for acquired cyber-physical state metadata 1211 obtained in conjunction with communication of particular state keys 160 may correspond to error metrics 175 (e.g., key errors 176) of the particular state keys 160. In some embodiments, the CPSC metrics 575 may further comprise one or more acquisition set confidences 1277A-N, which may quantify a confidence that portions of the acquired cyber-physical state metadata 1211 derived from respective acquired RCPS data 1217A-N accurately represent the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof). The acquisition set confidences 1277A-N determined for acquired cyber-physical state metadata 1211 obtained in conjunction with communication of respective fragments 161A-N of particular state keys 160 may correspond to error metrics 175 of the particular state keys 160 (e.g., respective fragment errors 177A-N of the particular state keys 160).
The CPSC metrics 575 may further incorporate characteristics pertaining to the acquisition of the cyber-physical state metadata 1211 from the control system 101, such as state acquisition noise, acquisition latency, acquisition frequency, state jitter, state deviation, and/or the like, as disclosed herein.

As disclosed above, the
state engine 1290 may be configured to incorporate acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111. The state engine 1290 may be configured to incorporate the acquired cyber-physical state metadata 1211 in accordance with the CPSC metrics 575 thereof. In response to CPSC metrics 575 indicating high confidence in the accuracy of the acquired cyber-physical state metadata 1211 (CPSC metrics 575 that satisfy a confidence threshold), the state engine 1290 may be configured to import the acquired cyber-physical state metadata 1211 into the cyber-physical metadata 111, as disclosed herein (e.g., replace existing cyber-physical state metadata 111 with the acquired cyber-physical state metadata 1211). The importing may comprise updating the cyber-physical state metadata 111 to indicate, inter alia, times at which respective portions of the cyber-physical state metadata 111 were acquired (e.g., specify the acquisition time α of the imported cyber-physical state metadata 111). In some embodiments, the state engine 1290 may be configured to discard cyber-physical state metadata 111 replaced by the acquired cyber-physical state metadata 1211 (e.g., discard cyber-physical state metadata 111 acquired prior to the current acquisition time α). Alternatively, or in addition, the state engine 1290 may be configured to maintain cyber-physical state metadata 111 corresponding to one or more previous acquisition times α in a data store (e.g., historical data store 1219). The historical data store 1219 may comprise any suitable storage means, as disclosed herein. The historical data store 1219 may comprise and/or correspond to storage resources of the RS agent 110. Alternatively, or in addition, the historical data store 1219 may comprise external storage resources (e.g., may comprise data storage resources of another cyber-physical component 102 of the control system 101).
The historical data store 1219 may comprise a plurality of historical cyber-physical state datasets, each comprising cyber-physical state metadata 111 corresponding to a respective time.

Importing the acquired
cyber-physical state metadata 1211 may further comprise determining cyber-physical health metadata 180 based on, inter alia, error and/or CPSC metrics 175/575 corresponding to the acquired cyber-physical state metadata 1211 as disclosed herein. In some embodiments, the state engine 1290 may be configured to determine whether to import acquired cyber-physical state metadata 1211 based on the error and/or CPSC metrics 175/575 thereof. The state engine 1290 may compare the error and/or CPSC metrics 175/575 of the acquired cyber-physical state metadata 1211 to one or more thresholds, and may determine whether to incorporate the acquired cyber-physical state metadata 1211 based on the comparing. The state engine 1290 may defer incorporation of low-confidence acquired cyber-physical state metadata 1211 (acquired cyber-physical state metadata 1211 having error and/or CPSC metrics 175/575 that fail to satisfy one or more error and/or confidence thresholds). In response to low-confidence acquired cyber-physical state metadata 1211, the state engine 1290 may configure subsequent state keys 160 to cover the same and/or overlapping regions of the control system 101. The state engine 1290 may evaluate the resulting error and/or CPSC metrics 175/575, determine whether the error and/or CPSC metrics 175/575 satisfy the error and/or confidence thresholds, and, if so, import the more recently acquired cyber-physical state metadata 1211. If the state engine 1290 determines that the error and/or CPSC metrics 175/575 still fail to satisfy the error and/or confidence thresholds, the state engine 1290 may incorporate the acquired cyber-physical state metadata 1211, which may comprise recording the low CPSC metrics 575 associated therewith in the cyber-physical health metadata 180, as disclosed herein.
The state engine 1290 may be further configured to update corresponding acquisition parameters 112 to indicate the low CPSC metrics 575 and/or mark the corresponding portions of the cyber-physical state metadata 111 for reacquisition.

In some embodiments, the
RS agent 110 may be configured to generate and/or communicate state keys 160 in accordance with a coverage schema 511. The coverage schema 511 may comprise selection criteria by which regions of the control system 101 may be selected for coverage by respective state keys 160 (and/or respective fragments 161A-N thereof). Selecting a region for a state key 160 may comprise selecting a region through which the state key 160 (and/or fragments 161A-N thereof) are to be communicated. The selecting may further comprise selecting the region for acquisition of cyber-physical state metadata 1211 therefrom, as disclosed herein. In some embodiments, the coverage schema 511 may comprise a weighted selection criterion that incorporates various factors pertaining to respective regions of the control system 101 (e.g., respective CPCE 105), such as a priority, error metrics 175, error metric age, and/or the like. In the FIG. 12 embodiment, the coverage schema 511 may comprise weighted selection criteria corresponding to acquisition of cyber-physical state metadata 1211 pertaining to respective regions of the control system 101. The selection criteria may configure the communication of state keys 160 to ensure coverage of the control system 101 by the acquired cyber-physical state metadata 1211. In some embodiments, weights may be assigned to respective CPCE 105 as follows:

$$w_i = W_{pri,i} + W_{err} \cdot e_i + W_{err\_age} \cdot err\_age_i + W_c\, c_i + W_{state\_age} \cdot state\_age_i$$

In the expression above, $w_i$ is the weight assigned to a
particular CPCE 105, $W_{pri,i}$ may be a priority weighting factor, $W_{err}$ may be an error weighting and/or scaling factor applied to error metrics 175 and/or error metric parameters 181 of the CPCE 105 ($e_i$), and $W_{err\_age}$ may be a weighting and/or scaling factor applied to an error age parameter ($err\_age_i$), as disclosed herein. The weighting may further comprise a confidence weighting factor ($W_c$) applied to a cyber-physical state confidence parameter ($c_i$), which may comprise and/or correspond to a confidence that the cyber-physical state metadata 111 corresponding to the CPCE 105 accurately represents the cyber-physical state of the CPCE 105 (e.g., may comprise and/or correspond to confidence metrics of the cyber-physical health metadata 180 and/or CPSC metrics 575, as disclosed herein). The cyber-physical state confidence parameter ($c_i$) may be inversely proportional to the confidence and/or CPSC metrics 575, such that CPCE 105 having lower confidence and/or CPSC metrics 575 are prioritized for coverage over CPCE 105 having higher confidence and/or CPSC metrics 575. $W_{state\_age}$ may be a weighting and/or scaling factor applied to a cyber-physical state parameter ($state\_age_i$), which may correspond to an age of cyber-physical state metadata 111 of the CPCE 105, such that CPCE 105 having higher state age parameters are weighted for selection over other CPCE 105. In some embodiments, the time at which error metrics 175 of a CPCE 105 are obtained may correspond to the time at which corresponding cyber-physical metadata 111 are acquired therefrom and, as such, the cyber-physical state age parameter ($state\_age_i$) of a CPCE 105 may be similar to, or the same as, the error age parameter ($err\_age_i$) of the CPCE 105, such that one or more of the parameters may be omitted (or combined) in the weighting.
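The weighting above, together with the threshold-based import decision described earlier for the state engine 1290, can be worked through in code. This is an added example, not code from the patent: the field names, the sample values, the choice of c_i as 1/confidence with a floor, and the two-attempt retry limit are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Cpce:
    """Per-CPCE inputs to the weighting (field names are illustrative)."""
    name: str
    w_pri: float             # W_pri,i: priority weighting factor
    error: float             # e_i: latest error metric
    err_age: float           # err_age_i: time since e_i was determined
    confidence: float        # CPSC metric of the stored state, 0..1
    state_age: float         # state_age_i: time since state was acquired
    reacquire: bool = False  # set when a low-confidence state was imported


@dataclass(frozen=True)
class Factors:
    w_err: float
    w_err_age: float
    w_c: float
    w_state_age: float


MIN_CONFIDENCE = 1 / 64  # assumed floor so that c_i stays finite


def confidence_param(confidence: float) -> float:
    """c_i, taken here as 1/confidence (an assumed reading of
    'inversely proportional to the confidence')."""
    return 1.0 / max(confidence, MIN_CONFIDENCE)


def weight(e: Cpce, f: Factors) -> float:
    """w_i as given by the expression above."""
    return (e.w_pri
            + f.w_err * e.error
            + f.w_err_age * e.err_age
            + f.w_c * confidence_param(e.confidence)
            + f.w_state_age * e.state_age)


def select(elements: List[Cpce], f: Factors, count: int = 1) -> List[Cpce]:
    """Highest-weight CPCE first; ties broken by name for determinism."""
    return sorted(elements, key=lambda e: (-weight(e, f), e.name))[:count]


def import_decision(confidence: float, threshold: float,
                    attempt: int, max_attempts: int = 2) -> str:
    """'import' when the threshold is met, 'defer' (cover the region again)
    while attempts remain, otherwise 'import_flagged'."""
    if confidence >= threshold:
        return "import"
    if attempt < max_attempts:
        return "defer"
    return "import_flagged"


def apply_probe(e: Cpce, error: float, confidence: float, threshold: float,
                attempt: int, max_attempts: int = 2) -> str:
    """Fold one state-key result into the stored per-CPCE record."""
    decision = import_decision(confidence, threshold, attempt, max_attempts)
    if decision == "defer":
        return decision  # stored state untouched; region is covered again
    e.error, e.confidence = error, confidence
    e.err_age = e.state_age = 0.0
    e.reacquire = decision == "import_flagged"
    return decision


# Constructed sample values (not from the patent).
FACTORS = Factors(w_err=4.0, w_err_age=0.5, w_c=2.0, w_state_age=0.25)


def sample_elements() -> List[Cpce]:
    return [
        Cpce("pump", 1.0, 0.0, 8.0, 1.0, 8.0),
        Cpce("valve", 3.0, 0.25, 2.0, 0.5, 2.0),
        Cpce("tank", 1.0, 0.0, 4.0, 0.25, 4.0),
    ]


if __name__ == "__main__":
    elements = sample_elements()
    for e in select(elements, FACTORS, count=3):
        print(e.name, weight(e, FACTORS))
```

With these sample values the low-confidence "tank" element outranks the higher-priority "valve", which is the effect the confidence term is meant to have.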
The coverage schema 511 may, therefore, define selection and/or weighting criteria by which regions of the control system 101 may be selected for coverage by respective state keys 160 and/or cyber-physical state metadata 111 are acquired therefrom.

In some embodiments, the
coverage schema 511 may define one or more “snapshot” schemes. As used herein, a “snapshot” coverage scheme (snapshot scheme) refers to a coverage scheme in which a set of state keys 160 are configured for communication through a target region of the control system 101 substantially concurrently. The target region may comprise and/or correspond to a plurality of CPCE 105 of the control system 101. In some embodiments, the target region may cover the control system 101 (e.g., may comprise substantially all of the cyber-physical components 102, CPE 105, CPE paths 108 and/or PPV 155 of the control system 101). Implementing a snapshot scheme covering a target region may comprise configuring a set of state keys 160 to cover the target region (e.g., configuring a set of state keys 160 such that the target region is fully covered by and/or contained within a union of the regions covered by the respective state keys 160).

Communicating a set of
state keys 160 “substantially concurrently” may comprise communicating the set of state keys 160 at substantially a same time, substantially simultaneously, in parallel, on separate threads, and/or the like. Communicating a set of state keys 160 substantially concurrently may comprise transmitting the state keys 160 independently of acquiring validation keys 170 corresponding thereto (e.g., may comprise transmitting a plurality of state keys 160 of the set prior to acquiring validation keys 170 corresponding to any of the set of state keys 160). Communicating the set of state keys 160 substantially concurrently may comprise communicating fragments 161A-N of respective state keys 160 of the set at substantially a same time, substantially simultaneously, in parallel, on separate threads, and/or the like. Alternatively, or in addition, communicating the set of state keys 160 substantially concurrently may comprise interleaving communication of fragments 161A-N of respective state keys 160 of the set. Communicating the set of state keys 160 substantially concurrently may comprise communicating fragments 161A-N of the state keys 160 independently of acquiring validation data 171A-N corresponding thereto (e.g., may comprise transmitting a plurality of fragments 161A-N of a plurality of state keys 160 of the set prior to acquiring validation data 171A-N corresponding to any of the fragments 161A-N of any of the state keys 160 of the set).

Implementing a snapshot scheme may further comprise acquiring
cyber-physical state metadata 1211 covering the target region in conjunction with the substantially concurrent communication of the set of state keys 160. Implementing the snapshot scheme may comprise acquiring cyber-physical state metadata 1211 configured to characterize the cyber and/or physical state of the target region at an acquisition time α, the acquisition time α corresponding to concurrent communication of the set of state keys 160. The acquisition engine 1206 may be configured to acquire a plurality of CPS datasets 1209, each CPS dataset 1209 comprising cyber-physical state data 1207 configured to characterize a cyber and/or physical state of respective portions of the target region. Implementing the snapshot scheme may comprise requesting, monitoring, capturing, inspecting, generating, and/or otherwise acquiring the plurality of CPS datasets 1209 substantially concurrently (e.g., at substantially a same time, simultaneously, in parallel, interleaved, and/or the like). In some embodiments, implementing a snapshot scheme may comprise associating the CPS datasets 1209 with the acquisition time α, synchronizing the CPS datasets 1209 to the acquisition time α, modifying cyber-physical state information of one or more of the CPS datasets 1209 in accordance with the acquisition time α, deriving acquired cyber-physical state metadata 1211 therefrom, and/or the like, as disclosed herein. Implementing the snapshot scheme may further comprise the state engine 1290 importing the acquired cyber-physical state metadata 1211 in accordance with the error and/or CPSC metrics 127/575 of the corresponding set of state keys 160, as disclosed herein.

The
cyber-physical state metadata 111 maintained by the state engine 1290 may comprise, define, and/or characterize the cyber-physical state 1201 of the control system 101, including the cyber state 1202 and the physical state 1204 of the control system 101 (and/or respective regions thereof). The cyber state 1202 may comprise and/or be characterized by cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, acquired cyber state metadata 1220, acquired cyber state parameters 1222, acquired cyber state signatures 1228, and/or the like. The physical state 1204 may comprise and/or be characterized by physical state metadata 240, physical state parameters 242, physical state signatures 248, acquired physical state metadata 1240, acquired physical state parameters 1242, acquired physical state signatures 1248, and/or the like.

The
security engine 1210 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof) in accordance with error metrics 175, CPSC metrics 575, and/or other information pertaining to the communication of state keys 160 and/or acquisition of cyber-physical state metadata 111, as disclosed herein. In the FIG. 12A embodiment, the security engine 1210 may be further configured to determine the cyber-physical health metadata 180 based on the determined cyber-physical state 1201 of the control system 101. The security engine 1210 may comprise a cyber state evaluator 1252 configured to determine cyber state metrics 553, which may be configured to quantify a health of the cyber state 1202 of the control system 101 (and/or respective regions thereof), as disclosed herein. The security engine 1210 may further comprise a physical state evaluator 1254 configured to determine physical state metrics 555, which may be configured to quantify a health of the physical state 1204 of the control system 101 (and/or respective regions thereof), as disclosed herein. Determining the cyber state metrics 553 may comprise the cyber state evaluator 1252 applying one or more CSER to cyber state characteristics of the control system 101, as disclosed herein, the cyber state characteristics comprising and/or corresponding to one or more of: the cyber state 1202 of the control system 101, the cyber state metadata 220, the acquired cyber state metadata 1220, portion(s) thereof, and/or the like. Determining the physical state metrics 555 may comprise the physical state evaluator 1254 applying one or more PSER to physical state characteristics of the control system 101, as disclosed herein, the physical state characteristics comprising and/or corresponding to one or more of: the physical state 1204 of the control system 101, the physical state metadata 240, the acquired physical state metadata 1240, portion(s) thereof, and/or the like.

In some embodiments, determining the
cyber state metrics 553 may comprise the cyber state evaluator 1252 comparing the acquired cyber state 1202 of the control system 101 (and/or respective regions thereof) to one or more CSB 552, as disclosed herein. The CSB 552 may comprise cyber baseline characteristics, which as disclosed herein, may be configured to characterize respective cyber states 1202, cyber behaviors, and/or cyber state metadata 220/1220. The features of respective CSB 552 may correspond to respective characteristics of the cyber state 1202 of the control system 101 (and/or respective regions thereof), such as the cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, acquired cyber state metadata 1220, acquired cyber state parameters 1222, acquired cyber state signatures 1228, portion(s) thereof, and/or the like.

The features of
respective CSB 552 may be extracted, determined, and/or learned from the cyber state information (e.g., acquired cyber-physical state data 1205, acquired cyber state metadata 1220, cyber state metadata 220, cyber state metadata 20 maintained within the historical data store 1219, training data and/or the like). Determining the cyber state metrics 553 may comprise determining CSB error metrics for respective CSB 552, which may quantify a degree to which the cyber state 1202 of the control system 101 corresponds to respective CSB 552, including healthy CSB 552 and unhealthy CSB 552. The comparing may further comprise identifying one or more proximate CSB 552, which may comprise CSB 552 that most closely correspond to the current cyber state 1202 of the control system 101, as disclosed herein.

In some embodiments, determining the
physical state metrics 555 may comprise the physical state evaluator 1252 comparing the acquired physical state 1204 of the control system 101 (and/or respective regions thereof) to one or more PSB 554, as disclosed herein. The PSB 554 may comprise physical baseline characteristics, which as disclosed herein, may be configured to characterize respective physical states 1204, physical behaviors, and/or physical state metadata 240/1240. The features of respective PSB 554 may correspond to respective characteristics of the physical state 1204 of the control system 101 (and/or respective regions thereof), such as the physical state metadata 240, physical state parameters 242, physical state signatures 248, acquired physical state metadata 1240, acquired physical state parameters 1242, acquired physical state signatures 1248, portion(s) thereof, and/or the like. The features of respective PSB 554 may be extracted, determined, and/or learned from the physical state information (e.g., acquired physical-physical state data 1205, acquired physical state metadata 1240, physical state metadata 240, physical state metadata 20 maintained within the historical data store 1219, training data and/or the like). Determining the physical state metrics 555 may comprise determining PSB error metrics for respective PSB 554, which may quantify a degree to which the physical state 1204 of the control system 101 corresponds to respective PSB 554, including healthy PSB 554 and unhealthy PSB 554. The comparing may further comprise identifying one or more proximate PSB 554, which may comprise PSB 554 that most closely correspond to the current physical state 1204 of the control system 101, as disclosed herein.

The
security engine 1210 may be further configured to incorporate the cyber state metrics 553 into the cyber health metadata 182, as disclosed herein. The security engine 1210 may be configured to determine cyber health metrics 282 for the control system 101 (and/or respective regions thereof), which may comprise and/or correspond to the error and/or CPSC metrics 175/575, as disclosed herein. The security engine 1210 may be further configured to incorporate the cyber state metrics 553 into the cyber health metrics 282, as disclosed herein. In some embodiments, the cyber health metrics 282 may be based on, inter alia, evaluation of one or more CSER, CSB error metrics of respective CSB 552 (e.g., healthy and/or unhealthy CSB 552), and/or the like, as disclosed herein. The cyber health metrics 282 may be configured to quantify a degree to which the acquired cyber state 1202 of the control system 101 (and/or respective regions thereof) correspond to healthy and/or unhealthy CSB 552, identify proximate CSB 552, and/or the like.

The
security engine 1210 may be further configured to incorporate the physical state metrics 555 into the physical health metadata 184, as disclosed herein. The security engine 1210 may be configured to determine physical health metrics 284 for the control system 101 (and/or respective regions thereof), which may comprise and/or correspond to the error and/or CPSC metrics 175/575, as disclosed herein. The security engine 1210 may be further configured to incorporate the physical state metrics 555 into the physical health metrics 284, as disclosed herein. In some embodiments, the physical health metrics 284 may be based on, inter alia, evaluation of one or more PSER, PSB error metrics of respective PSB 554 (e.g., healthy and/or unhealthy PSB 554), and/or the like, as disclosed herein. The physical health metrics 284 may be configured to quantify a degree to which the acquired physical state 1202 of the control system 101 (and/or respective regions thereof) corresponds to healthy and/or unhealthy PSB 554, identify proximate PSB 554, and/or the like. - The
security engine 1210 may be configured to implement one or more mitigation operations in accordance with the determined cyber-physical state metadata 180, cyber health metadata 182, cyber health metrics 282, physical health metadata 184, and/or physical health metrics 284, as disclosed herein. The security engine 1210 may be configured to implement mitigation operations in response to cyber and/or physical state metrics 553/555 indicating failure of one or more CSER and/or PSER, as disclosed herein. Alternatively, or in addition, the security engine 1210 may be configured to implement mitigation operations in response to cyber and/or physical state metrics 553/555 indicating that the cyber and/or physical state 1202/1204 of the control system 101 is proximate to unhealthy CSB and/or PSB 552/554. The security engine 1210 may be configured to implement mitigation operations in accordance with identified CSER/PSER failures, proximate unhealthy CSB and/or PSB 552/554, and/or the like. As disclosed above, the cyber state metrics 553 may identify CSER failures and/or indicate that the acquired cyber state 1202 is proximate to (and/or is within a proximity threshold of) an unhealthy CSB 552. A CSER failure and/or proximity to an unhealthy CSB 552 may indicate a particular type of cyber-attack, cyber-attack directed to particular cyber components 120, compromise of particular cyber components 120 (e.g., one or more cyber nodes 124), and/or the like.
The security engine 1210 may implement corresponding mitigation operations, which may comprise operations to: generate notifications corresponding to the failed CSER, generate notifications indicating the unhealthy CSB 552, mitigate cyber-attacks and/or cyber-attack vectors associated with the failed CSER and/or unhealthy CSB 552, which may comprise implementing operations to: mitigate cyber-attacks directed against identified cyber components 120 (e.g., deactivating identified cyber components 120), mitigate compromise of identified cyber components 120 (e.g., filter adversarial messages injected by the identified cyber components 120), shut down identified cyber-attack vectors (e.g., shut down one or more gateways and/or external channels), and/or the like. - The
security engine 1210 may be further configured to implement mitigation operations in response to failure of one or more PSER and/or determining that the acquired physical state 1204 is proximate to an unhealthy PSB 554. As disclosed above, a PSER failure and/or proximity to an unhealthy PSB 554 may indicate a particular type of physical and/or component attack, physical attack vector, physical failure mode, and/or the like. The security engine 1210 may implement corresponding mitigation operations, which may comprise operations to: generate notifications indicating the failed PSER, generate notifications indicating the unhealthy PSB 554, mitigate attack(s) and/or failure modes associated with the failed PSER and/or unhealthy PSB 554, and/or the like. The mitigation operations may comprise operations to mitigate attacks directed against identified computational components 130 (e.g., reset specified computational components 130, modify control functions implemented thereby, and/or the like), mitigate attacks directed against identified physical components 140 (e.g., ignore sensor data acquired by identified sensor devices 144 and/or deactivate identified actuator devices 146), deactivate physical components 140 and/or PPV 155 operating in identified failure modes, and/or the like.
FIG. 12B is a schematic block diagram of another embodiment of cyber-physical system 100 comprising an RS agent 110, as disclosed herein. The RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101, and determine error metrics 175 for the state keys 160, as disclosed herein. The RS agent 110 may be further configured to acquire the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof), which may comprise acquiring cyber-physical state metadata 1211 in conjunction with communication of respective state keys 160 (and/or fragments 161 thereof), determining CPSC metrics 575 quantifying a confidence in the accuracy of the acquired cyber-physical state metadata 1211, and/or incorporating the acquired cyber-physical state metadata 1211 in accordance with the determined CPSC metrics 575. The RS agent 110 may comprise a cyber state evaluator 1252, which may be configured to, inter alia, determine cyber state metrics 553 for the control system 101 (and/or respective regions thereof) in accordance with the acquired cyber state 1202, as disclosed herein. The RS agent 110 may further comprise a physical state evaluator 1254, which may be configured to, inter alia, determine physical state metrics 555 for the control system 101 (and/or respective regions thereof) in accordance with the acquired physical state 1204, as disclosed herein. - As disclosed above, acquiring
cyber-physical state metadata 1211 may comprise acquiring cyber-physical state data 1207 configured to comprise, define, and/or characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof) at a specified acquisition time α. The corresponding cyber-physical state metadata 111 maintained by the RS agent 110 may correspond to a time previous to the specified acquisition time α (e.g., may correspond to a previous acquisition time α-1 or α-Δα, where 1 and/or Δα represents the time between the specified acquisition time α and the time at which the cyber-physical state metadata 111 was last acquired, which may correspond to an acquisition frequency and/or period, as disclosed herein). In some embodiments, the state engine 1290 may be configured to incorporate the acquired cyber-physical state metadata 1211, which may comprise importing into the cyber-physical state metadata 111, discarding cyber-physical state metadata 111 replaced thereby, and/or destaging the discarded cyber-physical state metadata 111 to the historical data store 1219, as disclosed herein. In response to incorporating the acquired cyber-physical state metadata 1211, the updated cyber-physical state metadata 111 may characterize the cyber and/or physical state 1202/1204 of the control system 101 (and/or respective regions thereof) at the specified acquisition time α. - In the
FIG. 12B embodiment, the state engine 1290 may be further configured to maintain cyber-physical state metadata 111 corresponding to a plurality and/or range of acquisition times α. The state engine 1290 may be configured to retain cyber-physical state metadata 111 corresponding to a current acquisition time α and one or more previous acquisition times α-1, α-2, and so on. In some embodiments, the state engine 1290 is configured to maintain cyber-physical state metadata 111 corresponding to a sliding window of cyber-physical states 1201 of the control system 101 (and/or respective regions thereof), including, but not limited to: a cyber-physical state 1201A corresponding to a current acquisition time α, a cyber-physical state 1201B corresponding to a previous acquisition time α-1, and so on, including cyber-physical state 1201N corresponding to acquisition time α-n. Maintaining the cyber-physical state metadata may comprise: acquiring cyber-physical state metadata 1211 at a specified acquisition time α, importing the acquired cyber-physical state metadata 1211, designating the specified acquisition time α as the current acquisition time α of the cyber-physical state metadata 111, retaining cyber-physical state metadata 111 corresponding to acquisition times α through α-n, and discarding cyber-physical state metadata 111 corresponding to acquisition times outside of α through α-n. The retaining may comprise maintaining multiple versions of cyber-physical state metadata 111, each version associated with respective acquisition times between α and α-n (e.g., retaining cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, physical state metadata 240, physical state parameters 242, and/or physical state signatures 248 having acquisition times between α and α-n).
The discarding may comprise identifying cyber-physical state metadata 111 having acquisition times outside of α through α-n, removing the identified cyber-physical state metadata 111, and/or moving the identified cyber-physical state metadata 111 to a data store (e.g., historical data store 1219, as disclosed above). The cyber-physical state metadata 111 maintained by the RS agent 110 may comprise, define, and/or characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof) at respective acquisition times α through α-n, which may correspond to cyber-physical states 1201A-N, respectively. - As disclosed above, the
cyber state evaluator 1252 may be configured to determine cyber state metrics 553 for the control system 101 (and/or respective regions thereof), which may comprise, inter alia, evaluating one or more CSER, as disclosed herein. Alternatively, or in addition, determining the cyber state metrics 553 may comprise comparing one or more of the cyber states 1202A-N (e.g., the current cyber state 1202A) to respective CSB 552, as disclosed herein. The physical state evaluator 1254 may be configured to determine physical state metrics 555 for the control system 101 (and/or respective regions thereof), which may comprise, inter alia, evaluating one or more PSER, as disclosed herein. Alternatively, or in addition, determining the physical state metrics 555 may comprise comparing one or more of the physical states 1204A-N (e.g., the current physical state 1204A) to respective PSB 554, as disclosed herein. - In the
FIG. 12B embodiment, determining the cyber state metrics 553 may comprise evaluating CSER that correspond to a sliding window of cyber states 1202A-N. By way of non-limiting example, a CSER may require that a mean message size characteristic of one or more cyber nodes 124 remain below a specified threshold. Evaluating the CSER may comprise determining mean message size characteristics of the cyber nodes 124 at respective acquisition times α-n through α (at cyber states 1202N-A as maintained in the cyber-state metadata 111). Evaluating the CSER may comprise determining whether the mean message size satisfies the specified threshold throughout the sliding window (from α-n to α). Alternatively, or in addition, evaluating the CSER may comprise calculating a mean message size from α-n through α (e.g., combining mean message size characteristics across cyber states 1202N-A), and comparing the calculated mean message size to the specified threshold. By way of further non-limiting example, a CSER may pertain to cyber behavior spanning a range of acquisition times (e.g., from α-n to α). A CSER may comprise an “unused connection” rule, which may require the number of “unused connections” to be lower than a threshold. Evaluating the “unused connection” CSER rule may comprise: identifying requests to open connections at earlier acquisition times in the window (e.g., at or around α-n), and detecting “unused” connections (e.g., detecting connections opened at about acquisition time α-n that remained unused at acquisition time α). Evaluation of the CSER may fail if the number of unused connections exceeds an unused connection threshold. - In the
FIG. 12B embodiment, determining the physical state metrics 555 may comprise evaluating PSER that correspond to a sliding window of physical states 1204A-N. By way of non-limiting example, a PSER may require that generators controlled by one or more CPCE 105 remain in phase, and/or return to in-phase operation within a threshold time after being disturbed. Evaluating a PSER may comprise determining whether the physical state metadata 240 indicates that the generators were out-of-phase from α-n to α and, if so, determining an amount of time the generators remained out-of-phase. Evaluation of the PSER may fail in response to determining that the generators were out-of-phase for more than a threshold re-synchronization time. By way of further non-limiting example, a PSER may indicate that an actuator 146 (protective relay) is to open a branch breaker in response to detection of a fault by one or more sensor devices 144. Evaluating the PSER may comprise determining whether a fault was detected during α-n to α (based on physical state metadata 240 of the one or more sensor devices 144) and, if so, determining whether the actuator 146 opened the branch breaker in response to detection of the fault. Evaluation of the PSER may fail in response to determining that the actuator device 146 failed to open the branch breaker and/or failed to open the branch breaker by a specified time after detection of the fault. By further non-limiting example, another PSER may specify that the actuator 146 is to close the branch breaker within a specified time after clearance of the fault condition. Evaluating the PSER may comprise determining whether the fault was cleared during α-n to α (based on physical state metadata 111 pertaining to physical states 1204N-A) and, if so, determining whether the actuator 146 closed the branch breaker within the specified time of the detection.
Although particular examples of CSER and/or PSER pertaining to cyber-physical state 1201A-N at multiple acquisition times α are described herein, the disclosure is not limited in this regard and could be adapted to use, define, and/or evaluate any suitable cyber and/or physical state characteristics covering any suitable time period, window, and/or time range. - In the
FIG. 12B embodiment, the cyber state evaluator 1252 may be further configured to determine cyber state delta (CyΔ) metrics 1263. Determining the CyΔ metrics 1263 may comprise quantifying changes to the cyber state 1202 of the control system 101 (and/or respective regions thereof) as a function of acquisition time. Determining the CyΔ metrics 1263 may comprise correlating cyber state information to a sliding window of cyber states 1202A-N, which may provide for detection of cyber-attacks resulting in delayed and/or gradual changes to the cyber and/or physical state 1202/1204 of the control system 101. The CyΔ metrics 1263 may enable the security engine 1210 to detect and/or mitigate cyber-physical attacks before the cyber state 1202 of the control system 101 exhibits the characteristics thereof (e.g., before the cyber state 1202 transitions from a healthy CSB 552 to an unhealthy CSB 552). The physical state evaluator 1254 may be further configured to determine physical state Δ (PhyΔ) metrics 1265. Determining the PhyΔ metrics 1265 may comprise quantifying changes to the physical state 1204 of the control system 101 (and/or respective regions thereof) as a function of acquisition time. Determining the PhyΔ metrics 1265 may comprise correlating physical state information to a sliding window of physical states 1204A-N, which may provide for detection of cyber-physical attacks and/or failure modes resulting in delayed and/or gradual changes to the cyber and/or physical state 1202/1204 of the control system 101. The PhyΔ metrics 1265 may enable the security engine 1210 to detect and/or mitigate cyber-physical attacks and/or failure modes before the physical state 1204 of the control system 101 exhibits the characteristics thereof (e.g., before the physical state 1204 transitions from a healthy CSB 554 to an unhealthy PSB 554). - Determining the
CyΔ metrics 1263 may comprise the cyber state evaluator 1252 determining differences between respective cyber states 1202A-N, and quantifying a degree to which the respective cyber states 1202A-N are trending with respect to the evaluation of one or more CSER. Determining the CyΔ metrics 1263 may comprise determining trends regarding CSER evaluation scores (e.g., whether the CSER scores are trending towards CSER failure). Alternatively, or in addition, determining the CyΔ metrics 1263 may comprise determining trends in CSER failures (e.g., number of CSER failures from acquisition time α-n to α). In some embodiments, determining the CyΔ metrics 1263 may comprise determining whether the acquired cyber states 1202A-N are trending toward unhealthy CSB 552 and away from healthy CSB 552 (or vice versa). - Determining the
PhyΔ metrics 1265 may comprise the physical state evaluator 1254 determining differences between respective physical states 1204A-N, and quantifying a degree to which the respective physical states 1204A-N are trending with respect to the evaluation of one or more PSER. Determining the PhyΔ metrics 1265 may comprise determining trends regarding PSER evaluation scores (e.g., whether the PSER scores are trending towards PSER failure). Alternatively, or in addition, determining the PhyΔ metrics 1265 may comprise determining trends in PSER failures (e.g., number of PSER failures from acquisition time α-n to α). In some embodiments, determining the PhyΔ metrics 1265 may comprise evaluating differences between respective physical states 1204A-N, and quantifying a degree to which the acquired physical states 1204A-N are trending toward unhealthy PSB 554 and away from healthy PSB 554 (or vice versa). - In some embodiments, determining the
CyΔ metrics 1263 may comprise estimating a trajectory of the cyber state 1202 of the control system 101, and/or respective regions thereof (e.g., estimating $\overrightarrow{Cy}$). The trajectory estimate $\overrightarrow{Cy}$ may be based on, inter alia, the sliding window of cyber states 1202A-N. Estimating the trajectory $\overrightarrow{Cy}$ may comprise modeling the changes in the cyber states 1202A-N (e.g., modeling changes to the cyber state 1202 from acquisition time α-n to the current acquisition time α). Determining the CyΔ metrics 1263 may further comprise projecting the cyber state 1202 of the control system 101 (and/or respective regions thereof) in accordance with the estimated trajectory $\overrightarrow{Cy}$ (e.g., projecting the cyber state 1202 at times α+1, α+2, and so on), and/or comparing the projected cyber state 1202 to one or more CSB 552, as disclosed herein. The CyΔ metrics 1263 may, therefore, indicate a likelihood that the cyber state 1202 will correspond to specified CSB 552 prior to cyber state 1202 exhibiting characteristics of the specified CSB 552. The CyΔ metrics 1263 may quantify a probability that future cyber state(s) 1202 of the control system 101 (and/or respective regions thereof) will correspond to healthy CSB 552, unhealthy CSB 552, and/or the like. Determining the CyΔ metrics 1263 may comprise determining projected proximate CSB 552 (e.g., CSB 552 projected to be proximate to future cyber states 1202 of the control system 101 and/or respective regions thereof). Determining the PhyΔ metrics 1265 may comprise estimating a trajectory of the physical state 1204 ($\overrightarrow{Phy}$), projecting the physical state 1204, and/or comparing the projected physical state 1204 to one or more PSB 554, as disclosed herein. - In some embodiments, determining the
CyΔ metrics 1263 may comprise estimating a trajectory of one or more characteristics of the cyber state 1202 as a function of acquisition time α (the characteristics comprising and/or corresponding to: cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, acquired cyber state metadata 1220, acquired cyber state parameters 1222, acquired cyber state signatures 1228, portion(s) thereof, and/or the like). Determining the trajectory of a cyber state characteristic may comprise fitting values of the characteristic at respective acquisition times (in cyber states 1202N-A corresponding to acquisition times α-n through α, respectively) to a modeling function. Determining the trajectory of the cyber state characteristic may further comprise determining a projected value of the characteristic (e.g., projecting a value of the characteristic at a future acquisition time α+1, α+2, . . . α+n). As illustrated in FIG. 12B, determining the trajectory of a cyber state characteristic A (CyA) may comprise fitting values of CyA at acquisition times α-n through α to a modeling function (fCCyA). A projected value of CyA may be determined by use of the fit modeling function (fCCyA). In the FIG. 12B embodiment, the cyber state evaluator 1252 is configured to determine a projected value of CyA at next acquisition time α+1. Determining the CyΔ metrics 1263 may comprise comparing the projected values of the one or more cyber state characteristics to corresponding features of one or more CSB 552. In the FIG. 12B embodiment, the comparing may comprise comparing the projected value of CyA to a threshold (T_CCyA), which may distinguish a “healthy” cyber state 1202 from an “unhealthy” cyber state 1202 (e.g., the “healthy” cyber state 1202 may correspond to cyber states 1202 in which CyA is lower than T_CCyA, and the “unhealthy” cyber state 1202 may correspond to cyber states 1202 in which CyA exceeds T_CCyA).
The resulting cyber state metrics 1263 produced by the cyber state evaluator 1252 may, therefore, be configured to indicate that cyber state 1202 is transitioning to an “unhealthy” cyber state 1202 (e.g., an unhealthy CSB 552). Determining the CyΔ metrics 1263 may, therefore, comprise determining projected proximate CSB 552, as disclosed above. Determining the PhyΔ metrics 1265 may comprise estimating a trajectory of one or more characteristics of the physical state 1202, projecting the physical state characteristics, and/or comparing the projected physical state characteristics to one or more PSB 554, as disclosed herein. Although particular techniques for estimating the trajectory of cyber and/or physical states 1202/1204 (and/or characteristics thereof) and/or determining projected states and/or state characteristics are described herein, the disclosure is not limited in this regard and could be adapted to use any suitable estimation and/or projection means (e.g., interpolation, linear fit, curve fit, exponential fit, polynomial fit, Savitzky-Golay polynomial estimation, and/or the like). - The
security engine 1210 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof), which may comprise determining cyber health metadata 182, and physical health metadata 184. The security engine 1210 may be configured to determine the cyber health metrics 282, which may be based on, inter alia, error metrics 175, CPSC metrics 575, and cyber state metrics 553, as disclosed herein. In the FIG. 12B embodiment, determining the cyber health metrics 282 may further comprise incorporating CyΔ metrics 1263 determined by the cyber state evaluator 1252, as disclosed herein. The cyber health metrics 282 may, therefore, be configured to correlate cyber state information to a sliding window of cyber states 1202A-N, which may provide for detection of cyber-attacks resulting in delayed and/or gradual changes to the cyber and/or physical state 1202/1204 of the control system 101. Incorporating the CyΔ metrics 1263 may comprise monitoring changes to the cyber state 1202N-A of the control system 101 (and/or respective regions thereof) with respect to evaluation of one or more CSER (e.g., whether the cyber state 1202 is trending towards increased CSER failures). Incorporating the CyΔ metrics 1263 may comprise quantifying a degree to which the cyber state 1202 of the control system 101 (and/or respective regions thereof) is trending away from healthy CSB 552, towards unhealthy CSB 552, and/or the like. Alternatively, or in addition, incorporating the CyΔ metrics 1263 may comprise quantifying a degree to which respective cyber state characteristics are trending away from characteristics of healthy CSB 552, towards characteristics of unhealthy CSB 552, and/or the like. In some embodiments, incorporating the CyΔ metrics 1263 may comprise identifying projected proximate CSB 552, which may comprise CSB 552 to which the cyber state 1202 of the control system 101 (and/or respective regions thereof) is projected to converge. - The
security engine 1210 may be further configured to determine the physical health metrics 284, which may be based on, inter alia, error metrics 175, CPSC metrics 575, and physical state metrics 555, as disclosed herein. In the FIG. 12B embodiment, determining the physical health metrics 284 may further comprise incorporating PhyΔ metrics 1265 determined by the physical state evaluator 1254, as disclosed herein. The physical health metrics 284 may, therefore, be configured to correlate physical state information to a sliding window of physical states 1204A-N, which may provide for detection of component attacks, physical attack vectors, and/or failure modes resulting in delayed and/or gradual changes to the cyber and/or physical state 1202/1204 of the control system 101. Incorporating the PhyΔ metrics 1265 may comprise monitoring changes to the physical state 1204N-A of the control system 101 (and/or respective regions thereof) with respect to evaluation of one or more PSER (e.g., whether the physical state 1204 is trending towards increased PSER failures). Incorporating the PhyΔ metrics 1265 may comprise quantifying a degree to which the physical state 1204 of the control system 101 (and/or respective regions thereof) is trending away from healthy PSB 554, towards unhealthy PSB 554, and/or the like. Alternatively, or in addition, incorporating the PhyΔ metrics 1265 may comprise quantifying a degree to which respective physical state characteristics are trending away from characteristics of healthy PSB 554, towards characteristics of unhealthy PSB 554, and/or the like. In some embodiments, incorporating the PhyΔ metrics 1265 may comprise identifying projected proximate PSB 554, which may comprise PSB 554 to which the physical state 1204 of the control system 101 (and/or respective regions thereof) is projected to converge. - The
security engine 1210 may be configured to implement mitigation operations in accordance with the determined cyber-physical state metadata 180, as disclosed herein. The security engine 1210 may be further configured to implement mitigation operations in accordance with the cyber and/or physical state metrics 553/555 and/or the corresponding cyber and/or physical health metrics 282/284. In the FIG. 12B embodiment, the security engine 1210 may be further configured to implement mitigation operations in response to CyΔ and/or PhyΔ metrics 1263/1265 indicating that the cyber and/or physical health of the control system 101 is degrading (e.g., trending towards unhealthy CSB and/or PSB 552/554). The security engine 1210 may be configured to determine that a cyber state 1202 of the control system 101 (and/or region thereof) is trending toward an unhealthy CSB 552 in response to one or more of: CSB error metrics between projected cyber states 1202 and healthy CSB 552 failing to satisfy one or more healthy state error thresholds, CSB error metrics between the projected cyber states 1202, projected proximate CSB 552 failing to include a healthy CSB 552, CSB error metrics between the projected cyber states 1202 and unhealthy CSB 552 failing to satisfy one or more unhealthy state error thresholds, projected proximate CSB 552 including an unhealthy CSB 552, and/or the like. The security engine 1210 may be further configured to determine that a physical state 1202 of the control system 101 is degrading and/or trending towards an unhealthy PSB 554, as disclosed above (e.g., based on, inter alia, PSB error metrics between projected physical states 1204 and healthy and/or unhealthy PSB 552, projected proximate PSB 554, and/or the like). - The
security engine 1210 may be configured to implement mitigation operations in accordance with identified proximate CSB and/or PSB 552/554, as disclosed above. In the FIG. 12B embodiment, the security engine 1210 may be further configured to implement mitigation operations in accordance with projected proximate CSB and/or PSB 552/554. As disclosed above, the CyΔ metrics 1263 may indicate that the cyber state 1202 of the control system 101 (and/or a region thereof) is projected to converge to an unhealthy CSB 552 at a future acquisition time (e.g., at an acquisition time α+p, where p is the projection time). In response, the security engine 1210 may implement mitigation operations in accordance with the projected unhealthy CSB 552, as disclosed above (may implement mitigation operations corresponding to the mitigation operations implemented in response to determining that the cyber state 1202 corresponds to the unhealthy CSB 552). The security engine 1210 may adapt the mitigation operations in accordance with confidence in the projection and/or a proximity of the projection. The security engine 1210 may be configured to increase the priority of the mitigation operations (and/or warning level(s) of corresponding notifications) in proportion to the corresponding CPSC metrics 575 and/or in inverse proportion to the proximity. The security engine 1210 may be further configured to implement mitigation operations in accordance with projected unhealthy PSB 554, as disclosed above.
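The FIG. 12B sliding-window evaluation described above, as an added Python example that is not code from the patent: it retains states for α-n through α, evaluates the mean-message-size CSER both ways the text describes, and projects CyA with a linear fit (one of the estimation means the text lists). The class and function names, the threshold and the message sizes are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class CyberState:
    alpha: int    # acquisition time index
    cy_a: float   # characteristic CyA; here a mean message size in bytes (assumed)


class StateWindow:
    """Retains states for acquisition times alpha-n..alpha and destages the rest."""

    def __init__(self, n):
        self.n = n
        self.states = deque()
        self.historical = []  # stand-in for a historical data store

    def incorporate(self, state):
        if self.states and state.alpha <= self.states[-1].alpha:
            raise ValueError("acquisition times must be strictly increasing")
        self.states.append(state)
        # Discard by acquisition time rather than by count, so a gap in
        # acquisition cannot leave stale states inside the window.
        while self.states[0].alpha < state.alpha - self.n:
            self.historical.append(self.states.popleft())


def evaluate_mean_size_cser(window, threshold):
    """Mean-message-size rule, checked per state and on the combined mean."""
    values = [s.cy_a for s in window.states]
    if not values:
        raise ValueError("empty window")
    combined = sum(values) / len(values)
    return {
        "throughout_window": all(v < threshold for v in values),
        "combined_mean": combined,
        "combined_ok": combined < threshold,
    }


def fit_line(window):
    """Least-squares fit CyA = slope * alpha + intercept over the window."""
    pts = [(s.alpha, s.cy_a) for s in window.states]
    if len(pts) < 2:
        raise ValueError("need at least two states to estimate a trajectory")
    mean_a = sum(a for a, _ in pts) / len(pts)
    mean_v = sum(v for _, v in pts) / len(pts)
    sxx = sum((a - mean_a) ** 2 for a, _ in pts)
    slope = sum((a - mean_a) * (v - mean_v) for a, v in pts) / sxx
    return slope, mean_v - slope * mean_a


def cy_delta(window, threshold, horizon=3):
    """Project CyA to alpha+1..alpha+horizon and report the first crossing."""
    slope, intercept = fit_line(window)
    current = window.states[-1]
    projected = {
        p: slope * (current.alpha + p) + intercept for p in range(1, horizon + 1)
    }
    crossing = next((p for p, v in projected.items() if v > threshold), None)
    return {
        "current_healthy": current.cy_a < threshold,
        "slope": slope,
        "projected": projected,
        "steps_to_unhealthy": crossing,  # None if no crossing within the horizon
    }


def demo():
    """Constructed data: message size creeps upward but never crosses the threshold."""
    window = StateWindow(n=4)
    for alpha, size in enumerate([400, 420, 445, 460, 480, 505, 520, 540]):
        window.incorporate(CyberState(alpha, float(size)))
    threshold = 560.0  # constructed value standing in for T_CCyA
    return (
        window,
        evaluate_mean_size_cser(window, threshold),
        cy_delta(window, threshold),
    )


if __name__ == "__main__":
    win, cser, delta = demo()
    print("window:", [s.alpha for s in win.states])
    print("CSER:", cser)
    print("CyDelta:", delta)
```

With this data every state in the window passes the rule, yet the fitted trajectory crosses the threshold at α+1, which is the gradual-change case the CyΔ metrics are meant to surface.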
FIG. 13A is a schematic block diagram of another embodiment of an RS agent 110, as disclosed herein. In the FIG. 13A embodiment, the RS agent 110 may comprise a security engine 1210, key generator 1212, communication manager 1216, error monitor 1218, and/or acquisition engine 1206, as disclosed herein. The RS agent 110 may further comprise a state engine 1290, which may be configured to maintain cyber-physical state metadata 111 configured to characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof), as disclosed herein. In the FIG. 13A embodiment, the state engine 1290 may be further configured to determine estimated cyber-physical state metadata 1311 for the control system 101 (and/or respective regions thereof), which may comprise determining an estimated cyber-physical state 1301 of the control system 101 based on, inter alia, existing cyber-physical state metadata 111 maintained by the RS agent 110 (and/or an existing cyber-physical state 1201). The state engine 1290 may be further configured to determine state estimation metrics 1375, which may be configured to quantify errors, differences, and/or distances between acquired cyber-physical state metadata 1211 and corresponding estimated cyber-physical state metadata 1311. - As disclosed above, the
acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211, which may be configured to characterize the cyber-physical state 1201 of the control system 101 (and/or selected regions thereof) at specified acquisition times α. The state engine 1290 may be configured to incorporate the acquired cyber-physical state metadata 1211, which may comprise incorporation into existing cyber-physical state metadata 111 configured to characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof) previous to the specified acquisition time α (e.g., at acquisition times α-p, where p is a time since the cyber-physical state metadata 111 was last acquired). In the FIG. 13A embodiment, the state engine 1290 may be further configured to determine estimated cyber-physical state metadata 1311 corresponding to the acquired cyber-physical state metadata 1211, which may comprise determining a cyber-physical state estimate 1301 at acquisition time α based on, inter alia, cyber-physical state metadata 111 corresponding to the previous acquisition time α-p. Determining the cyber-physical state estimate 1301 may comprise determining estimated cyber-physical state metadata 1311 based on, inter alia, the existing cyber-physical state metadata 111 corresponding to the previous acquisition time α-p. Determining the cyber-physical state estimate 1301 may comprise determining a cyber state estimate 1302 (and/or estimated cyber state metadata 1320), determining a physical state estimate 1304 (and/or estimated physical state metadata 1340), and/or the like. Determining the estimated cyber-physical state metadata 1311 may comprise projecting the existing cyber-physical state metadata 111 from acquisition time α-p to the acquisition time α of the acquired cyber-physical state metadata 1211.
The estimated cyber-physical state metadata 1311 and the acquired cyber-physical state metadata 1211 may, therefore, correspond to a same (and/or substantially similar) acquisition time α. The state estimator 1290 may be further configured to determine state estimation metrics 1375 for the acquired cyber-physical state metadata 1211 by, inter alia, comparing the acquired cyber-physical state metadata 1211 to the estimated cyber-physical state metadata 1311. The state estimation metrics 1375 may comprise cyber state estimation metrics 1376, which may be configured to quantify error, differences, and/or distances between acquired cyber state metadata 1220 and estimated cyber state metadata 1320. The state estimation metrics 1375 may further comprise physical state estimation metrics 1378, which may be configured to quantify error, differences, and/or distances between acquired physical state metadata 1240 and estimated physical state metadata 1340. - The
state engine 1290 may determine cyber-physical state estimates 1301 corresponding to acquired cyber-physical state metadata 1211 using any suitable state estimation and/or observation technique. In some embodiments, the state engine 1290 is configured to determine cyber-physical state estimates 1301 by use of a process model 1315 of the control system 101 (and/or process models 1315 corresponding to respective CPCE 105). The process model 1315 may comprise any suitable means for modeling and/or determining cyber-physical state estimates 1301. In one embodiment, the process model 1315 may comprise and/or correspond to a linear time-varying (LTV) model of the control system 101 (and/or respective CPCE 105 thereof), as follows:
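$$\mathrm{CPS}_{\alpha} = A_{\alpha-p}\,\mathrm{CPS}_{\alpha-p} + B_{\alpha-p}\,u_{\alpha-p} + N_{\alpha-p}\,w_{\alpha-p}$$
$$y_{\alpha-p} = C_{\alpha-p}\,\mathrm{CPS}_{\alpha-p} + D_{\alpha-p}\,u_{\alpha-p} + v_{\alpha-p}$$
In the expression above, $\mathrm{CPS}_{\alpha}$ may comprise an estimated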
cyber-physical state 1301 of the control system 101 at acquisition time α (acquisition time α corresponding to acquired cyber-physical state metadata 1211, as disclosed herein), which may be based on $\mathrm{CPS}_{\alpha-p}$, which may be configured to model the cyber-physical state 1201 of the control system 101 at an earlier acquisition time (e.g., acquisition time α-p of the existing cyber-physical state metadata 111 maintained by the RS agent 110); $u_{\alpha-p}$, $w_{\alpha-p}$, $v_{\alpha-p}$, and $y_{\alpha-p}$ may be configured to model control inputs, process noise, measurement noise, and output state of the control system 101 at the acquisition time α-p, respectively. Parameters $A_{\alpha-p}$–$N_{\alpha-p}$ may comprise weighting and/or scaling factors. The process and/or measurement noise ($w_{\alpha-p}$ and/or $v_{\alpha-p}$) may correspond to error and/or CPSC metrics 175/575 (and/or corresponding cyber-physical health metadata 180), as disclosed herein. - In some embodiments, the
state engine 1290 may be configured to determine state estimation metrics 1375 for acquired cyber-physical state metadata 1211. Determining the state estimation metrics 1375 for acquired cyber-physical state metadata 1211 configured to characterize a cyber-physical state of selected CPCE 105 at a specified acquisition time α may comprise: determining a cyber-physical state estimate 1301 for the selected CPCE 105 based on the cyber-physical state 1201 of the CPCE 105 at a previous acquisition time (e.g., acquisition time α-p), and comparing the cyber-physical state estimate 1301 to the acquired cyber-physical state metadata 1211. Determining the cyber-physical state estimate 1301 may comprise: identifying cyber-physical state metadata 111 pertaining to the selected CPCE 105, determining an acquisition time of the identified cyber-physical state metadata 111 relative to the specified acquisition time α (e.g., determining the previous acquisition time α-p of the existing cyber-physical state metadata 111), and determining estimated cyber-physical state metadata 1311 based on the identified cyber-physical state metadata 111, the determined acquisition time α-p, and process model(s) 1315 of the selected CPCE 105. Determining the estimated cyber-physical state metadata 1311 may comprise projecting the existing cyber-physical state metadata 111 from the previous acquisition time α-p to the specified acquisition time α. Determining the estimated cyber-physical state metadata 1311 may comprise using the process model(s) 1315 to determine estimated cyber state metadata 1320 from existing cyber state metadata 220, determine estimated physical state metadata 1340 from existing physical state metadata 240, and/or the like. - The state estimate metrics 1375 may be configured to quantify a degree to which the acquired
cyber-physical state metadata 1211 differs from the estimated cyber-physical state metadata 1311. Determining the state estimate metrics 1375 for acquired cyber-physical state metadata 1211 may comprise comparing the acquired cyber-physical state metadata 1211 to corresponding estimated cyber-physical state metadata 1311. The state estimate metrics 1375 may comprise cyber estimate metrics 1376 and physical estimate metrics 1378. The cyber state error metrics 1376 may quantify differences between acquired cyber state metadata 1220 (e.g., acquired cyber state parameters and/or signatures 1222/1228) and corresponding estimated cyber state metadata 1320. The physical state error metrics 1378 may quantify differences between acquired physical state metadata 1240 (e.g., acquired physical state parameters and/or signatures 1242/1248) and corresponding estimated physical state metadata 1340. - The
state engine 1290 may be further configured to incorporate the determined state estimate metrics 1375 into the cyber-physical health metadata 180. The state engine 1290 may be configured to incorporate state error parameters 181 into the cyber and/or physical health metadata 182 and/or 184, which may quantify a degree to which respective acquired cyber-physical metadata 1211 diverges from corresponding estimated cyber-physical state metadata 1311. The state engine 1290 may be configured to incorporate cyber estimation metrics 1376 into corresponding cyber health metadata 182 and incorporate physical estimation metrics 1378 into corresponding physical health metadata 184. The security engine 1210 may be configured to determine composite cyber-physical health metrics pertaining to respective regions of the control system 101 based on the incorporated state estimation metrics 1375. The security engine 1210 may be configured to determine the cyber health metrics 282, which may be based on, inter alia, error metrics 175, CPSC metrics 575, and/or cyber estimation metrics 1376, as disclosed herein. The security engine 1210 may be configured to determine the physical health metrics 284, which may be based on, inter alia, error metrics 175, CPSC metrics 575, and/or physical estimation metrics 1378, as disclosed herein. - The
security engine 1210 may be configured to implement mitigation operations in accordance with the determined cyber and/or physical health metrics 282/284. The security engine 1210 may be configured to implement mitigation operations in response to error metrics 175 that exceed one or more error thresholds, CPSC metrics 575 that fail to satisfy one or more confidence thresholds, and so on, as disclosed herein. The security engine 1210 may be configured to detect high cyber and/or physical estimation metrics 1376/1378 (by use of one or more cyber and/or physical estimation thresholds, or the like). The security engine 1210 may be configured to implement mitigation operations in response to high cyber estimation metrics 1376, which may indicate differences between acquired cyber-state metadata 1211 and corresponding estimated cyber-physical state metadata 1376, which may be due to cyber-attack, and/or compromise of one or more cyber components 120, the CS network 122, cyber nodes 124, and/or the like. In response to detecting high cyber estimation metrics 1376, the security engine 1210 may be configured to adapt communication of subsequent state keys 160 to, inter alia, determine a source of the high cyber estimation metrics 1376, as disclosed herein (e.g., adapt communication of the subsequent state keys 160 in accordance with a cyber isolation scheme). The security engine 1210 may be further configured to implement mitigation operations in response to cyber estimation metrics 1376, which may include, but are not limited to: generating notifications pertaining to cyber estimation metrics 1376 (e.g., the notifications identifying potential causes of the high cyber estimation metrics 1376), deactivating, isolating, and/or resetting cyber-physical components 102 associated with the high cyber estimation metrics 1376 (e.g., cyber components 120, cyber nodes 124, cyber paths 126, and/or the like), and so on. - The
security engine 1210 may be further configured to implement mitigation operations in response to detecting high physical estimation metrics 1378. In response to acquired state metadata 1211 covering specified CPCE 105 having high physical estimation metrics 1378, the security engine 1210 may be configured to adapt communication of subsequent state keys 160 to, inter alia, determine a source of the high physical estimation metrics 1378, as disclosed herein (e.g., adapt communication of the subsequent state keys 160 in accordance with a physical isolation scheme). The security engine 1210 may be further configured to implement mitigation operations in response to the high physical estimation metrics 1378, which may include, but are not limited to: generating notifications pertaining to the high physical estimation metrics 1378 (e.g., the notifications identifying potential causes of the high physical estimation metrics 1378), slowing control function(s) of the CPCE 105, halting control function(s) of the CPCE 105, modifying the control function(s) of the CPCE 105 (e.g., implementing a “safe mode” of the CPCE 105), isolating the CPCE 105 from other CPCE 105 of the control system 101, physical components 140 of the CPCE 105 from other cyber-physical components 102 of the control system 101, and/or the like.
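The projection and thresholding described for the FIG. 13A embodiment, as an added example that is not code from the patent: it projects an earlier state through the LTV model with the process-noise term taken at zero, then scores cyber and physical divergence separately. The state fields, matrices, scaling, thresholds and the scaled Euclidean distance are all assumptions chosen for illustration.

```python
"""Added example: LTV state projection with separate cyber/physical estimation metrics."""
import math

# Hypothetical state layout (not from the patent): two cyber and two
# physical characteristics of one region of the control system.
STATE_FIELDS = ("msg_rate", "link_latency_ms", "tank_level_m", "flow_lps")
CYBER_IDX = (0, 1)
PHYSICAL_IDX = (2, 3)

# Constructed LTV model: the A and B matrices differ per acquisition time a-p.
MODELS = {
    0: {"A": [[1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 1, 0.02], [0, 0, 0, 0.5]],
        "B": [[0], [0], [0], [5.0]]},
    1: {"A": [[1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 1, 0.02], [0, 0, 0, 0.8]],
        "B": [[0], [0], [0], [1.0]]},
}

# Assumed per-field noise scale, so fields with different units are comparable.
SCALE = (5.0, 1.0, 0.05, 1.0)
# Assumed estimation thresholds; a metric above its threshold counts as "high".
THRESHOLDS = {"cyber": 3.0, "physical": 3.0}
# Responses named after the isolation schemes the text describes.
RESPONSES = {
    "cyber": "adapt state-key communication per cyber isolation scheme",
    "physical": "adapt state-key communication per physical isolation scheme",
}


def mat_vec(matrix, vector):
    """Multiply a matrix (list of rows) by a vector."""
    return [sum(a * b for a, b in zip(row, vector)) for row in matrix]


def project_state(prev_state, control, model):
    """Project CPS at time a-p to time a: A*CPS + B*u.

    The N*w process-noise term is taken at an assumed mean of zero.
    """
    ax = mat_vec(model["A"], prev_state)
    bu = mat_vec(model["B"], control)
    return [x + y for x, y in zip(ax, bu)]


def estimation_metric(acquired, estimated, scale):
    """Scaled Euclidean distance between acquired and estimated values."""
    return math.sqrt(sum(((a - e) / s) ** 2
                         for a, e, s in zip(acquired, estimated, scale)))


def evaluate(acquired, prev_state, control, t_prev):
    """Return (estimate, metrics, responses) for one acquisition."""
    estimated = project_state(prev_state, control, MODELS[t_prev])
    metrics = {}
    for name, idx in (("cyber", CYBER_IDX), ("physical", PHYSICAL_IDX)):
        metrics[name] = estimation_metric(
            [acquired[i] for i in idx],
            [estimated[i] for i in idx],
            [SCALE[i] for i in idx],
        )
    responses = [RESPONSES[name] for name in ("cyber", "physical")
                 if metrics[name] > THRESHOLDS[name]]
    return estimated, metrics, responses


# Constructed sample data: state at time a-p and the control input applied.
PREV_STATE = [50.0, 4.0, 2.0, 10.0]
CONTROL = [1.0]
SAMPLES = {
    "nominal": [51.0, 4.2, 2.21, 9.9],
    "message flood": [120.0, 4.1, 2.2, 10.0],
    "level drift": [50.0, 4.0, 2.9, 10.0],
}

if __name__ == "__main__":
    for label, acquired in SAMPLES.items():
        _, metrics, responses = evaluate(acquired, PREV_STATE, CONTROL, 0)
        print(label, {k: round(v, 3) for k, v in metrics.items()}, responses)
```

Scoring the cyber and physical parts of the state separately is what lets the response differ: a high cyber metric alone points at the communication path, while a high physical metric alone points at the process or its components.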
FIG. 13B is a schematic block diagram of another embodiment of cyber-physical system 100 comprising an RS agent 110, as disclosed herein. The RS agent 110 may be configured to communicate state keys 160 through selected regions of the control system 101, and determine error metrics 175 for the state keys 160, as disclosed herein. The RS agent 110 may be further configured to acquire the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof), which may comprise acquiring cyber-physical state metadata 1211 in conjunction with communication of respective state keys 160 (and/or fragments 161 thereof), determining CPSC metrics 575 quantifying a confidence in the accuracy of the acquired cyber-physical state metadata 1211, and/or incorporating the acquired cyber-physical state metadata 1211 in accordance with the determined CPSC metrics 575. The RS agent 110 may be further configured to maintain cyber-physical state metadata 111 corresponding to a range of acquisition times α, including cyber-physical state metadata 111 configured to characterize a plurality of cyber-physical states 1201A-N of the control system 101 (and/or respective regions thereof), each cyber-physical state 1201A-N corresponding to a respective acquisition time α through α-n. - In the
FIG. 13B embodiment, the state engine 1290 may be configured to determine estimated cyber-physical state metadata 1311 corresponding to acquired cyber-physical state metadata 1211, and determine corresponding state estimation metrics 1375, as disclosed herein. The state engine 1290 may be further configured to determine cyber state projections, physical state projections, cyber characteristic projections, physical characteristic projections, and/or the like, as disclosed herein. The RS agent 110 may comprise a cyber state evaluator 1252, which may be configured to determine cyber state metrics 553 and/or CyΔ metrics 1263 for the control system 101 (and/or respective regions thereof) in accordance with the acquired cyber state(s) 1202A-N and one or more CSB 552, as disclosed herein (e.g., by use of cyber state projections and/or cyber characteristic projections determined by the state engine 1290). The RS agent 110 may further comprise a physical state evaluator 1254, which may be configured to determine physical state metrics 555 and/or PhyΔ metrics 1265 for the control system 101 (and/or respective regions thereof) in accordance with the acquired physical state(s) 1204A-N and one or more PSB 554, as disclosed herein (e.g., by use of physical state projections and/or physical characteristic projections determined by the state engine 1290). - The
security engine 1210 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof), which may comprise determining cyber health metadata 182 and physical health metadata 184. The security engine 1210 may be configured to determine the cyber health metrics 282, which may be based on, inter alia, error metrics 175, CPSC metrics 575, cyber state metrics 553, CyΔ metrics 1263, and/or cyber estimation metrics 1376, as disclosed herein. The security engine 1210 may be configured to determine the physical health metrics 284, which may be based on, inter alia, error metrics 175, CPSC metrics 575, physical state metrics 555, PhyΔ metrics 1265, and/or physical estimation metrics 1378, as disclosed herein. - The
security engine 1210 may be configured to implement mitigation operations in accordance with the determined cyber and/or physical health metrics 282/284. The security engine 1210 may be configured to implement mitigation operations in response to: error metrics 175 that exceed one or more error thresholds, CPSC metrics 575 that fail to satisfy one or more confidence thresholds, and/or the like. The security engine 1210 may be further configured to implement mitigation operations in response to: cyber state metrics 553, CyΔ metrics 1263, physical state metrics 555, and/or PhyΔ metrics 1265, as disclosed herein. In the FIG. 13B embodiment, the security engine 1210 may be further configured to implement mitigation operations based on cyber estimation metrics 1376 and/or physical estimation metrics 1378, as disclosed above.
FIG. 14A is a schematic block diagram of another embodiment of an RS agent 110, as disclosed herein. The RS agent 110 may comprise a security engine 1210, key generator 1212, communication manager 1216, error monitor 1218, acquisition engine 1206, and state engine 1290, as disclosed herein. The RS agent 110 may comprise and/or be communicatively coupled to a data store 1401, which may comprise cyber-physical state metadata 111, a security policy 211, and/or a coverage schema 511, as disclosed herein. In some embodiments, the data store 1401 may be embodied by storage resources 204 of the RS agent 110. Alternatively, or in addition, the data store 1401 may comprise storage resources of one or more other cyber-physical components 102 of the control system 101. The RS agent 110 may be configured to communicate state keys 160, acquire cyber-physical state metadata 1211, determine error metrics 175 corresponding to respective state keys 160, determine CPSC metrics 575 corresponding to the acquired cyber-physical state metadata 1211, incorporate the acquired cyber-physical state metadata 1211, and/or determine cyber-physical health metadata 180 in accordance with the determined error metrics 175, CPSC metrics 575, and/or the like, as disclosed herein. - In the
FIG. 14A embodiment, the security engine 1210 may be further configured to determine cyber-physical state error metrics 1471 for the control system 101 (and/or respective regions thereof), the cyber-physical state error metrics 1471 quantifying error, differences, and/or distances between the acquired cyber-physical state 1201 and one or more cyber-physical state profiles. As used herein, a “cyber-physical state profile” refers to a collection of cyber state classification features and corresponding classification values configured to characterize designated cyber-physical classifications of the control system 101 and/or distinguish the designated cyber-physical state classifications from other cyber-physical state classifications. A cyber state profile 1412 may comprise cyber classification features and/or classification values configured to characterize a designated cyber state classification 1413. A physical state profile 1414 may comprise physical classification features and/or classification values configured to characterize a designated physical state classification 1415. As used herein, a cyber state classification 1413 refers to a particular classification of cyber state(s) 1202 of the control system 101 (and/or range of cyber states 1202) that are indicative of particular cyber state types, cyber behaviors, cyber operation, and/or the like. As used herein, a physical state classification 1415 refers to a particular classification of physical state(s) 1204 of the control system 101 (and/or range of physical states 1204) that are indicative of particular physical state types, physical behaviors, physical operation, and/or the like. - The
data store 1401 may further comprise a classification schema 1416, which may define cyber classification features 1422 of the cyber state profiles 1412 (e.g., cyber classification features 1422 by which cyber state classifications 1413 of the cyber state profiles 1412 are characterized and/or distinguished). The cyber classification features 1422 may comprise a subset of cyber-physical state information capable of being acquired from the control system 101 (e.g., may correspond to a subset of the cyber-physical state data 1207, CPS datasets 1209, RCPS data 1217, acquired cyber-physical state metadata 1211, acquired cyber state metadata 1220, acquired cyber state parameters 1222, acquired cyber state signatures 1228, cyber-physical state metadata 111, cyber state metadata 220, cyber state parameters 222, and/or cyber state signatures 228, as disclosed herein). The cyber classification features 1422 may comprise and/or correspond to cyber state characteristics determined to characterize and/or distinguish the cyber state classifications 1413 of the cyber state profiles 1412, and may exclude cyber state characteristics determined to be non-distinguishing. - In some embodiments, the cyber classification features 1422 may be determined and/or learned by, inter alia, a
cyber state classifier 1424. The cyber state classifier 1424 may learn the cyber classification features 1422 by use of cyber classification training data 1402. The cyber classification training data 1402 may comprise a plurality of training datasets 1421A-N, each comprising cyber state data 1432 corresponding to a designated cyber state classification 1413, which may indicate that the cyber state data 1432 corresponds to: a particular cyber state classification 1413 (e.g., is a true positive of the particular cyber state classification 1413), does not correspond to the particular cyber state classification 1413 (e.g., is a true negative), corresponds to a different cyber state classification 1413, does not correspond to any cyber state classification 1413, and/or the like. The cyber state classifier 1424 may use the training datasets 1421 to, inter alia, learn and/or extract cyber classification features 1422 that result in accurate classification of the cyber classification training data 1402. The cyber state classifier 1424 may use the training datasets 1421 to, inter alia, learn and/or extract cyber classification features 1422 capable of characterizing and/or distinguishing cyber classification training data 1402 corresponding to the designated cyber state classification 1413 from cyber classification training data 1402 corresponding to other cyber state classifications 1413. The cyber state classifier 1424 may comprise any suitable classification means including, but not limited to: a self-organizing map (SOM), an artificial neural network (ANN), an auto encoder, a Monte Carlo classifier, and/or the like.
The training datasets 1421A-N may comprise cyber state data 1432 captured during operation of the control system 101 (and/or during simulated operation) and, as such, may have a large dimensionality (e.g., may comprise the full dimensionality of cyber state information, metadata 220, parameters 222, and/or signatures 228 capable of being acquired from the cyber-physical system 100). The cyber state classifier 1424 may be configured to reduce the dimensionality of the cyber classification training data 1402, which may comprise determining cyber classification features 1422 corresponding to a subset of the cyber state information capable of being acquired from the control system 101. The cyber state classifier 1424 may be further configured to determine cyber classification values 1428, which may comprise values, weights, and/or other classification information corresponding to the cyber state classification features 1422. The cyber classification values 1428 may comprise and/or correspond to characteristics of the acquired cyber state 1202 of the control system 101 (cyber state characteristics), such as cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, portion(s) thereof, and/or the like. - In some embodiments, the physical classification features 1442 may be determined and/or learned by, inter alia, a
physical state classifier 1444. The physical state classifier 1444 may learn physical classification features 1444 by use of physical classification training data 1404, as disclosed herein. The physical classification training data 1404 may comprise a plurality of training datasets 1441A-N, each comprising physical state data 1434 having a designated physical state classification 1415, as disclosed herein. The physical state classifier 1444 may use the training datasets 1441 to, inter alia, learn and/or extract physical classification features 1442 that result in accurate classification of the physical classification training data 1404. The physical state classifier 1444 may comprise any suitable classification means, as disclosed herein. The physical state classifier 1444 may be configured to reduce the dimensionality of the physical training data 1404, which may comprise determining physical classification features 1442 comprising a subset of the physical state information capable of being acquired from the control system 101. The physical state classifier 1444 may be further configured to determine physical classification values 1448 corresponding to the physical state classification parameters 1442. The physical classification values 1448 may comprise values, weights, and/or other classification information corresponding to the physical state classification features 1442. The physical classification values 1448 may comprise and/or correspond to characteristics of the acquired physical state 1204 of the control system 101 (physical state characteristics), such as physical state metadata 240, physical state parameters 242, physical state signatures 248, portion(s) thereof, and/or the like. - In some embodiments, the
RS agent 110 may comprise a plurality of cyber state profiles 1412A-N and/or physical state profiles 1414A-N. The RS agent 110 may comprise cyber state profiles 1412A configured to characterize “healthy” cyber states of the control system 101 (and/or respective regions thereof), cyber state profiles 1412N configured to characterize “unhealthy” cyber states, and so on. The healthy cyber state profiles 1412A may comprise cyber classification features 1422 and/or corresponding classification values 1428 configured to characterize “healthy” cyber states 1202 of the control system 101, as disclosed herein (e.g., healthy cyber states 1202 corresponding to different operating conditions). The “unhealthy” cyber state profiles 1412N may comprise cyber classification features 1422 and/or corresponding classification values 1428 configured to characterize “unhealthy” cyber states 1202 of the control system 101, as disclosed herein (e.g., cyber states 1202 corresponding to particular types of cyber-attacks, compromise of particular cyber components 120, and/or the like). The healthy and unhealthy cyber state profiles 1412A-N may be learned by use of corresponding cyber classification training data 1402, as disclosed herein (e.g., training datasets 1421 corresponding to various healthy and/or unhealthy cyber states 1202 and/or behavior). - The
RS agent 110 may further comprise physical state profiles 1412A configured to characterize “healthy” physical states 1204 of the control system 101 (and/or respective regions thereof). The “healthy” physical state profiles 1412A may comprise physical classification features 1442 and/or corresponding classification values 1448 configured to characterize “healthy” physical states 1204 of the control system 101, as disclosed herein (e.g., healthy physical states 1204 corresponding to different operating conditions). The “unhealthy” physical state profiles 1414N may comprise physical classification features 1442 and/or corresponding classification values 1448 configured to characterize “unhealthy” physical states 1204 of the control system 101, as disclosed herein (e.g., physical states 1204 corresponding to particular types of component and/or physical attacks, physical attack vectors, compromise of particular computational and/or physical components 130/140, physical failure modes, and/or the like). - The healthy
physical state profiles 1412A may, for example, characterize behavior of protective relay components under different load conditions (e.g., when generators and/or loads are brought online and/or taken offline), while responding to disturbances (e.g., when temporarily out-of-phase), during fault conditions, and/or the like. The healthy physical state profiles 1412A may comprise physical state information indicating healthy or “nominal” responses to such conditions (e.g., balance generation/load within a specified time, stabilize out-of-phase conditions, open breakers in response to fault conditions, and so on). The unhealthy physical state profiles 1414N may correspond to physical states 1204 and/or behavior during attacks directed to particular computational and/or physical components 130/140 (and/or physical environment), physical failure modes, and/or the like. The healthy and unhealthy physical state profiles 1414A-N may be learned by use of corresponding physical classification training data 1404, as disclosed herein (e.g., training datasets 1441 corresponding to various healthy and/or unhealthy physical states 1204 and/or behavior). - The
RS agent 110 may be configured to acquire and/or maintain cyber-physical state metadata 111 by use of, inter alia, the acquisition engine 1206. As disclosed above, the acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 pertaining to the cyber and/or physical state of selected regions of the control system 101, which may be incorporated into the cyber-physical state metadata 111 maintained by the RS agent 110 (along with corresponding CPSC metrics 575). In the FIG. 14A embodiment, the acquisition engine 1206 may be configured to acquire cyber-physical state metadata 1211 in accordance with the classification schema 1416, which may correspond to a subset of the cyber-physical state information capable of being acquired thereby (e.g., reduced dimensionality representation of the cyber and/or physical state of the control system 101, as disclosed herein). The acquisition engine 1206 may be configured to acquire cyber-physical state data 1207 that include information pertaining to the cyber classification features 1422 and/or physical classification features 1442 of the classification schema 1416, and exclude other cyber and/or physical state information. The acquisition engine 1206 may, therefore, acquire a more limited range of cyber-physical state information from the control system 101, which may reduce overhead imposed thereon. The acquisition engine 1206 may be further configured to acquire cyber-physical state metadata 1211, including acquired cyber state metadata 1220 (e.g., acquired cyber state parameters 1222 and/or cyber state signatures 1228) and/or acquired physical state metadata 1240 (e.g., acquired physical state parameters 1222 and/or physical state signatures 1248) in accordance with the classification schema 1416.
The security engine 1210 may be configured to determine CPSC metrics 575 corresponding to the acquired cyber-physical state metadata 1211, and the state engine 1290 may be configured to incorporate the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111 in accordance with the determined CPSC metrics 575, as disclosed herein. - In the
FIG. 14A embodiment, the security engine 1210 may be further configured to determine cyber-physical state error metrics 1471, which may quantify a degree to which the cyber-physical state 1201 of the control system 101 (and/or regions thereof) as acquired by the RS agent 110 differs from respective cyber and/or physical state profiles 1412/1414. The security engine 1210 may be configured to determine one or more cyber state error metrics 1472, which may quantify error between the acquired cyber state 1202 of the control system 101 (e.g., cyber state metadata 220) and respective cyber state profiles 1412. Determining cyber state error metrics 1472 for a cyber state profile 1412 may comprise comparing cyber classification values 1428 of the cyber state profile 1412 to corresponding characteristics of the cyber state 1202 (e.g., cyber state metadata 220, one or more cyber state parameters 222, one or more cyber state signatures 228, acquired cyber state metadata 1220, one or more acquired cyber state parameters 1222, one or more acquired cyber state signatures 1228, portion(s) thereof, and/or the like). The cyber classification values 1428 of a cyber state profile 1412 may comprise a signature of specified cyber state information (as specified by the cyber classification features 1422). Determining cyber state error metrics 1472 for the cyber state profile 1412 may comprise comparing the signature to signature(s) derived from the cyber state 1202 (e.g., signature(s) derived from cyber state metadata 220 maintained by the RS agent 110). - In some embodiments, the
security engine 1210 may be configured to determine a plurality of cyber state error metrics 1472A-N, each of which may be configured to quantify errors, differences, and/or distances between the cyber state 1202 of the control system 101 (and/or respective regions thereof) and respective cyber profiles 1412A-N. The security engine 1210 may be configured to determine cyber state error metrics 1472A, which may quantify error, differences, and/or distances between the cyber state 1202 and healthy cyber state profiles 1412A. The security engine 1210 may be further configured to determine cyber state error metrics 1472 corresponding to other cyber state profiles 1412, including cyber state error metrics 1472N, which may be configured to quantify error, differences, and/or distances between the cyber state 1202 and unhealthy cyber state profiles 1412N (e.g., unhealthy cyber state profiles 1412N corresponding to particular types of cyber-attacks, compromise of particular cyber components 120, and/or the like). - In some embodiments, the
security engine 1210 may be configured to determine cyber state error metrics 1472A-N pertaining to respective regions of the control system 101 (e.g., respective CPCE 105), which may comprise comparing cyber state metadata 220 covering the respective regions to corresponding cyber classification values 1428 of respective cyber state profiles 1412, as disclosed herein (e.g., healthy cyber state profiles 1412A, unhealthy cyber state profiles 1412N, and so on). The cyber error metrics 1472A-N may further comprise confidence metrics, which may comprise and/or correspond to confidence metrics of the corresponding cyber profiles 1412A-N and/or CPSC metrics 575 associated with the cyber states 1202A-N from which the cyber error metrics 1472A-N were derived (e.g., CPSC metrics 575 of cyber state metadata 220 and/or acquired physical state metadata 1220 of the respective cyber states 1202A-N). - The
security engine 1210 may be configured to determine physical state error metrics 1474, which may quantify error, differences, and/or distances between the acquired physical state 1204 of the control system 101 and respective physical state profiles 1414. Determining physical state error metrics 1474 for a physical state profile 1412 may comprise comparing physical classification values 1448 of the physical state profile 1412 to corresponding characteristics of the physical state 1204 (e.g., physical state metadata 240, one or more physical state parameters 242, one or more physical state signatures 248, acquired physical state metadata 1240, one or more acquired physical state parameters 1242, one or more acquired physical state signatures 1248, portion(s) thereof, and/or the like). The physical classification values 1448 of a physical state profile 1412 may comprise a signature of specified physical state information (as specified by the physical classification features 1442). Determining physical state error metrics 1474 for the physical state profile 1412 may comprise comparing the signature to signature(s) derived from the physical state 1204 (e.g., signature(s) derived from physical state metadata 240 maintained by the RS agent 110).

In some embodiments, the
security engine 1210 may be configured to determine a plurality of physical state error metrics 1474A-N, each of which may be configured to quantify errors, differences, and/or distances between the physical state 1204 of the control system 101 (and/or respective regions thereof) and respective physical profiles 1414A-N. The security engine 1210 may be configured to determine physical state error metrics 1474A, which may quantify error, differences, and/or distances between the physical state 1204 and healthy physical state profiles 1414A. The security engine 1210 may be further configured to determine physical state error metrics 1474 corresponding to other physical state profiles 1414, including physical state error metrics 1474N, which may be configured to quantify error, differences, and/or distances between the physical state 1204 and unhealthy physical state profiles 1414N (e.g., unhealthy physical state profiles 1414N corresponding to particular types of component attacks, physical attack vectors, compromise of particular physical components 130, failure modes, and/or the like).

In some embodiments, the
security engine 1210 may be configured to determine physical state error metrics 1474A-N pertaining to respective regions of the control system 101 (e.g., respective CPCE 105), which may comprise comparing physical state metadata 240 covering the respective regions to corresponding physical classification values 1428 of respective physical state profiles 1414, as disclosed herein (e.g., healthy physical state profiles 1414A, unhealthy physical state profiles 1414N, and so on). The physical error metrics 1474A-N may further comprise confidence metrics, which may comprise and/or correspond to confidence metrics of the corresponding physical profiles 1414A-N and/or CPSC metrics 575 associated with the physical states 1204A-N from which the physical error metrics 1474A-N were derived (e.g., CPSC metrics 575 of physical state metadata 240 and/or acquired physical state metadata 1240 of the respective physical states 1204A-N).

The
security engine 1210 may be further configured to determine the cyber-physical health metadata 180 for the control system 101. The security engine 1210 may determine cyber health metrics 182 of the control system 101 (and/or respective regions thereof) by use of cyber health metrics 282. The cyber health metrics 282 may incorporate one or more cyber state error metrics 1472. In some embodiments, the cyber health metrics 282 determined by the security engine 1210 may be inversely proportional to cyber state error metrics 1472A for healthy cyber state profiles 1412A. In some embodiments, the cyber health metrics 282 may incorporate cyber error metrics 1472 pertaining to other, unhealthy cyber state profiles 1412N. The cyber health metrics 282 may be proportional to cyber state error metrics 1472N for unhealthy cyber state profiles 1412N. The security engine 1210 may be further configured to quantify a physical health of the control system 101 (and/or respective regions thereof) by use of physical health metrics 284. The physical health metrics 284 may incorporate one or more physical state error metrics 1474A-N. In some embodiments, the physical health metrics 284 determined by the security engine 1210 may be inversely proportional to error between the acquired physical state 1204 of the control system 101 and physical state error metrics 1474A for healthy physical state profiles 1414A. In some embodiments, the physical health metric 284 may incorporate physical state error metrics 1474 pertaining to other physical state profiles 1414. The security engine 1210 may incorporate physical state error metrics 1474N for “unhealthy” physical state classifications 1415. The physical health metrics 284 may be proportional to the physical state error metrics 1474N of unhealthy physical state profiles 1414N (e.g., unhealthy physical state profiles 1414N corresponding to particular types of physical attacks, physical attack vectors, and/or failure modes).

In some embodiments, the
security engine 1210 may be configured to determine cyber and/or physical health metrics 282/284 corresponding to selected regions of the control system 101 (e.g., selected CPCE 105, CPCE paths 108, CPCE sections 109, cyber sections 129, physical control sections 149, and/or the like). The security engine 1210 may determine cyber and/or physical health metrics 282/284 at any suitable level of granularity, in accordance with the granularity of the cyber-physical state metadata 111 and/or corresponding classification schema 1416. The security engine 1210 may be further configured to associate cyber and/or physical health metrics 282/284 determined for respective cyber regions with, inter alia, error metrics 175 and/or CPSC metrics 575 associated with the respective cyber regions.

The
security engine 1210 may be further configured to implement one or more mitigation operations based on, inter alia, the determined cyber health metrics 282, as disclosed herein. The mitigation operations may comprise identifying “unhealthy” cyber components 120 and/or cyber nodes 124, as disclosed herein (e.g., identifying cyber nodes 124 having cyber communication characteristics that diverge from “healthy” cyber communication characteristics). The mitigation operations may comprise determining the cause and/or source of anomalous error metrics 175 (and/or cyber state errors 1472A-N), as disclosed herein. The mitigation operations may include, but are not limited to: providing access to the cyber health metrics 282 (and/or cyber state metadata 220, cyber state profiles 1412, cyber state error metrics 1472, error metrics 175, and/or CPSC metrics 575 from which the cyber health metrics 282 were derived), generating notifications pertaining to cyber health metrics 282 that fail to satisfy one or more cyber health thresholds, anomalous cyber health metrics 282, implementing mitigation operations in accordance with the determined cyber health metrics 282 (e.g., deactivating one or more cyber components 120, cyber nodes 124, and/or the like), and so on. The mitigation operations may pertain to particular cyber regions of the control system 101 and/or may be implemented in accordance with a security policy 211, as disclosed herein.

As disclosed above, the
physical health metrics 284 determined by the security engine 1210 may indicate a physical health of the control system 101 (and/or respective physical control regions thereof). The security engine 1210 may be further configured to implement one or more mitigation operations based on, inter alia, the determined physical health metrics 284, as disclosed herein. The mitigation operations may comprise identifying “unhealthy” computational and/or physical components 130/140, as disclosed herein (e.g., identifying computational and/or physical components 130/140 having a physical state that diverges from healthy physical state profiles 1412A). The mitigation operations may comprise determining the cause and/or source of anomalous error metrics 175 (and/or physical state errors 1474A-N), as disclosed herein. The mitigation operations may include, but are not limited to: providing access to the physical health metrics 284 (and/or physical state metadata 240, physical state profiles 1414, physical state error metrics 1474A-N, error metrics 175, and/or CPSC metrics 575 from which the physical health metrics 284 were derived), generating notifications pertaining to physical health metrics 284 that fail to satisfy one or more physical health thresholds, implementing mitigation operations in accordance with the determined physical health metrics 284 (e.g., deactivating one or more physical components 140, halting control function(s) of one or more CPCE 105, modifying the control function(s) of one or more CPCE 105, isolating the CPCE 105 from other CPCE 105 of the control system 101, isolating cyber-physical components 102 of the CPCE 105 from other cyber-physical components 102 of the control system 101, and/or the like), and so on.
FIG. 14B is a schematic block diagram of another embodiment of an RS agent 110 configured to evaluate cyber and/or physical health of a control system 101. The RS agent 110 may comprise a security engine 1210, key generator 1212, communication manager 1216, error monitor 1218, acquisition engine 1206, state engine 1290, and state store 1401 comprising cyber-physical state profiles, as disclosed herein. The security engine 1210 may be configured to monitor a cyber-physical health of the control system 101 (e.g., determine cyber-physical health metadata 180) and/or implement mitigation operations in response to the monitoring. The security engine 1210 may configure the RS agent 110 to generate state keys 160, communicate the state keys 160 through the control system 101, acquire cyber-physical state metadata 1211 in conjunction with the communication of respective state keys 160, determine error metrics 175 for respective state keys 160, determine CPSC metrics 575 corresponding to cyber-physical state metadata 1211 acquired in conjunction with communication of the respective state keys 160, incorporate the acquired cyber-physical state metadata 1211, and/or determine cyber-physical health metadata 180 in accordance with the determined error metrics 175, CPSC metrics 575, and/or the like, as disclosed herein.

In the
FIG. 14B embodiment, the state engine 1290 may be configured to maintain cyber-physical state metadata 111 configured to characterize the cyber-physical state 1201 of the control system 101 (and/or respective regions thereof) during a designated time range. The state engine 1290 may be configured to maintain cyber-physical state metadata 111 corresponding to cyber-physical states 1201A-N corresponding to respective acquisition times α through α-n, as disclosed herein. The security engine 1210 may be further configured to determine cyber state error metrics 1472A-N and/or physical state error metrics 1474A-N, as disclosed herein. The cyber state error metrics 1472A-N may be configured to quantify error, differences, and/or distances between the current cyber state 1202A of the control system 101 and respective cyber state profiles 1412A-N (including healthy cyber state profiles 1412A and/or unhealthy cyber state profiles 1412N). The physical state error metrics 1474A-N may be configured to quantify error, differences, and/or distances between the current physical state 1204A of the control system 101 and respective physical state profiles 1414A-N (including healthy physical state profiles 1414A and/or unhealthy physical state profiles 1414N).

In the
FIG. 14B embodiment, the security engine 1210 may be further configured to determine cyber trend error metrics 1473A-N and/or physical trend error metrics 1475A-N. Determining the cyber trend error metrics 1473A-N may comprise quantifying changes to the cyber state 1202 of the control system 101 (and/or respective regions thereof) as a function of acquisition time, which may comprise monitoring changes to the cyber state 1202 relative to respective cyber state profiles 1412A-N within a sliding window of cyber states 1202A-N. The cyber trend error metrics 1473A-N may provide for detection of cyber-attacks resulting in delayed and/or gradual changes to the cyber state 1202 of the control system 101, as disclosed above. In some embodiments, determining the cyber trend error metrics 1473A-N may comprise comparing respective cyber states 1204A-N to respective cyber state profiles 1412A-N (e.g., comparing each cyber state 1204A-N to respective healthy cyber states 1412A and unhealthy cyber states 1412N, as disclosed herein). The determining may further comprise calculating cyber state error deltas (ΔCyErr), each quantifying a change to respective cyber state errors 1472A-N between respective acquisition times α-n through α (a change in cyber state errors 1472A-N of respective cyber states 1202A-N). The cyber trend error metrics 1473A-N may quantify a degree to which the cyber state 1202 of the control system 101 (and/or respective regions thereof) are trending away from and/or towards respective cyber state profiles 1412A-N over time. The cyber trend error metrics 1473A-N may indicate that the cyber state 1202 is trending away from a healthy cyber state profile 1412A and/or trending towards an unhealthy cyber state profile 1412N (or vice versa).
The security engine 1210 may be further configured to estimate and/or project a time at which the cyber state 1202 of the control system 101 (and/or respective regions thereof) will transition between cyber state classifications 1413 (e.g., transition from a healthy cyber state profile 1412A to an unhealthy cyber state profile 1412N, or vice versa). Alternatively, or in addition, determining the cyber trend error metrics 1473A-N may comprise quantifying a degree to which respective characteristics of the cyber state 1202 are trending away from cyber classification values 1428 of respective cyber state profiles 1412A-N over time. Determining the cyber trend error metrics 1473A-N may further comprise estimating and/or projecting a time at which characteristics of the cyber state 1202 will correspond to specified cyber classification features 1422 of the respective cyber state profiles 1412A-N (e.g., the time at which a cyber state characteristic will correspond to an unhealthy cyber state profile 1412N). The cyber trend error metrics 1473A-N may be associated with AFCP metrics 575 of cyber-state metadata 111 from which the cyber trend error metrics 1473A-N were derived and/or confidence metrics associated with respective cyber state profiles 1412A-N, as disclosed herein.

In the
FIG. 14B embodiment, the security engine 1210 may be further configured to determine physical trend errors 1475A-N and/or physical trend errors 1475A-N. Determining the physical trend error metrics 1475A-N may comprise quantifying changes to the physical state 1204 of the control system 101 (and/or respective regions thereof) as a function of acquisition time, which may comprise monitoring changes to the physical state 1204 relative to respective physical state profiles 1414A-N within a sliding window of physical states 1204A-N. The physical trend error metrics 1475A-N may provide for detection of physical-attacks resulting in delayed and/or gradual changes to the physical state 1204 of the control system 101, as disclosed above. In some embodiments, determining the physical trend error metrics 1475A-N may comprise comparing respective physical states 1204A-N to respective physical state profiles 1414A-N (e.g., comparing each physical state 1204A-N to respective healthy physical states 1414A and unhealthy physical states 1414N, as disclosed herein). The determining may further comprise calculating physical state error deltas (ΔPhyErr), each quantifying a change to respective physical state errors 1472A-N between respective acquisition times α-n through α (a change in physical state errors 1472A-N of respective physical states 1204A-N). The physical trend error metrics 1475A-N may quantify a degree to which the physical state 1204 of the control system 101 (and/or respective regions thereof) are trending away from and/or towards respective physical state profiles 1414A-N over time. The physical trend error metrics 1475A-N may indicate that the physical state 1204 is trending away from a healthy physical state profile 1414A and/or trending towards an unhealthy physical state profile 1414N (or vice versa).
The security engine 1210 may be further configured to estimate and/or project a time at which the physical state 1204 of the control system 101 (and/or respective regions thereof) will transition between physical state classifications 1413 (e.g., transition from a healthy physical state profile 1414A to an unhealthy physical state profile 1414N, or vice versa). Alternatively, or in addition, determining the physical trend error metrics 1475A-N may comprise quantifying a degree to which respective characteristics of the physical state 1204 are trending away from physical classification values 1428 of respective physical state profiles 1414A-N over time. Determining the physical trend error metrics 1475A-N may further comprise estimating and/or projecting a time at which characteristics of the physical state 1204 will correspond to specified physical classification features 1422 of the respective physical state profiles 1414A-N (e.g., the time at which a physical state characteristic will correspond to an unhealthy physical state profile 1414N). The physical trend error metrics 1475A-N may be associated with AFCP metrics 575 of physical-state metadata 111 from which the physical trend error metrics 1475A-N were derived and/or confidence metrics associated with respective physical state profiles 1414A-N, as disclosed herein.

The
security engine 1210 may be configured to determine cyber-physical health metadata 180 for the control system 101 (and/or respective regions thereof) based on, inter alia, the error metrics 175, CPSC metrics 575, cyber state error metrics 1472A-N, and/or physical state error metrics 1474A-N, as disclosed herein. In the FIG. 14B embodiment, the security engine 1210 may be further configured to incorporate the cyber trend error metrics 1473A-N into the cyber health metrics 282. Incorporating the cyber trend error metrics 1473A-N may comprise adapting the cyber health metrics 282 to indicate a degree to which the cyber state 1202 of the control system 101 (and/or respective regions thereof) are trending away from healthy cyber state profiles 1412A and/or are trending toward unhealthy cyber state profiles 1412N. The cyber health metrics 282 may further indicate a time at which the cyber state 1202 of the control system 101 (and/or respective regions thereof) are estimated and/or projected to transition to specified unhealthy cyber state profiles 1412N. Alternatively, or in addition, the security engine 1210 may configure the cyber health metrics 282 to indicate a degree to which respective characteristics of the cyber state 1202 of the control system 101 are trending away from cyber classification features 1422 and/or cyber classification values 1428 of healthy cyber state profiles 1412A and/or are trending towards cyber classification features 1422 and/or cyber classification values 1428 of unhealthy cyber state profiles 1412N. The security engine 1210 may further configure the cyber health metrics 282 to indicate a time at which specified characteristics of the cyber state 1202 of the control system 101 are estimated and/or projected to transition to specified classification features of identified unhealthy cyber state profiles 1412N.
The cyber health metrics 282 may further incorporate confidence metrics pertaining to the cyber trend error metrics 1473A-N, which may quantify a confidence in the cyber state metadata 220 from which the cyber trend error metrics 1473A-N were derived and/or a confidence in respective cyber state profiles 1412A-N.

The
security engine 1210 may be further configured to incorporate the physical trend error metrics 1475A-N into the physical health metrics 284. Incorporating the physical trend error metrics 1475A-N may comprise adapting the physical health metrics 284 to indicate a degree to which the physical state 1204 of the control system 101 (and/or respective regions thereof) are trending away from healthy physical state profiles 1414A and/or are trending toward unhealthy physical state profiles 1414N. The physical health metrics 284 may further indicate a time at which the physical state 1204 of the control system 101 (and/or respective regions thereof) are estimated and/or projected to transition to specified unhealthy physical state profiles 1414N. Alternatively, or in addition, the security engine 1210 may configure the physical health metrics 284 to indicate a degree to which respective characteristics of the physical state 1204 of the control system 101 are trending away from physical classification features 1422 and/or physical classification values 1428 of healthy physical state profiles 1414A and/or are trending towards physical classification features 1422 and/or physical classification values 1428 of unhealthy physical state profiles 1414N. The security engine 1210 may further configure the physical health metrics 284 to indicate a time at which specified characteristics of the physical state 1204 of the control system 101 are estimated and/or projected to transition to specified classification features of identified unhealthy physical state profiles 1414N. The physical health metrics 284 may further incorporate confidence metrics pertaining to the physical trend error metrics 1475A-N, which may quantify a confidence in the physical state metadata 220 from which the physical trend error metrics 1475A-N were derived and/or a confidence in respective physical state profiles 1414A-N.

The
security engine 1210 may be further configured to implement one or more mitigation operations based on, inter alia, the determined cyber and/or physical health metrics 282/284, as disclosed herein. The security engine 1210 may be configured to implement mitigation operations in response to determining that the cyber state 1202A corresponds to an identified unhealthy cyber state profile 1412N. The mitigation operations may be implemented in accordance with the identified unhealthy cyber state profile 1412N, as disclosed herein. The security engine 1210 may be configured to implement mitigation operations in response to determining that the physical state 1202N corresponds to an identified unhealthy physical state profile 1414N. The mitigation operations may be implemented in accordance with the identified unhealthy physical state profile 1414N, as disclosed herein. In the FIG. 14B embodiment, the security engine 1210 may be further configured to implement mitigation operations based on the cyber trend error metrics 1473A-N, which may comprise identifying an unhealthy cyber state profile 1412N to which the cyber state 1202 of the control system 101 is trending. The mitigation operations may be adapted in accordance with the identified unhealthy cyber state profile 1412A, as disclosed above. The security engine 1210 may be further configured to implement mitigation operations based on the physical trend error metrics 1475A-N, which may comprise identifying an unhealthy physical state profile 1414N to which the physical state 1204 of the control system 101 is trending. The mitigation operations may be adapted in accordance with the identified unhealthy physical state profile 1414A, as disclosed above.
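The state error, trend and projected-transition evaluation described for the FIG. 14A and FIG. 14B embodiments can be sketched as follows. This is an added example, not code from the patent; the Euclidean distance, the health formula, the least-squares extrapolation, treating "nearer to the unhealthy profile" as the transition, and all feature names and sample values are assumptions or constructed data.

```python
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class Profile:
    """A state profile: classification features mapped to classification values."""
    name: str
    values: dict


def state_error(state, profile):
    """State error metric: Euclidean distance over the profile's features (assumed measure)."""
    return sqrt(sum((state[f] - v) ** 2 for f, v in profile.values.items()))


def error_deltas(errors):
    """Change in state error between consecutive acquisition times."""
    return [later - earlier for earlier, later in zip(errors, errors[1:])]


def fit_line(ts, ys):
    """Least-squares slope and intercept of ys over ts."""
    n = len(ts)
    mean_t, mean_y = sum(ts) / n, sum(ys) / n
    sxx = sum((t - mean_t) ** 2 for t in ts)
    if sxx == 0:
        return 0.0, mean_y
    slope = sum((t - mean_t) * (y - mean_y) for t, y in zip(ts, ys)) / sxx
    return slope, mean_y - slope * mean_t


def evaluate(window, healthy, unhealthy, error_threshold):
    """Evaluate a sliding window of (acquisition_time_s, state) pairs, oldest first."""
    if not window:
        raise ValueError("window must hold at least one acquired state")
    ts = [t for t, _ in window]
    err_h = [state_error(s, healthy) for _, s in window]
    err_u = [state_error(s, unhealthy) for _, s in window]
    # Negative while the state is nearer the healthy profile than the unhealthy one.
    gap = [h - u for h, u in zip(err_h, err_u)]
    projected = None
    if gap[-1] >= 0:
        projected = ts[-1]  # already at least as close to the unhealthy profile
    elif len(window) >= 2:
        slope, intercept = fit_line(ts, gap)
        if slope > 0:  # the state is closing on the unhealthy profile
            projected = max(ts[-1], -intercept / slope)
    total = err_h[-1] + err_u[-1]
    return {
        "healthy_error": err_h[-1],
        "unhealthy_error": err_u[-1],
        "healthy_error_deltas": error_deltas(err_h),
        # Assumed formula: falls as healthy error grows, rises as unhealthy error grows.
        "health": 0.5 if total == 0 else err_u[-1] / total,
        # Instantaneous check only; a slow drift can stay under it for a long time.
        "threshold_alarm": err_h[-1] > error_threshold,
        "projected_transition_s": projected,
    }


# Constructed profiles and windows (not taken from the patent).
HEALTHY = Profile("healthy", {"msgs_per_s": 100, "latency_ms": 20})
UNHEALTHY = Profile("unhealthy-constructed", {"msgs_per_s": 160, "latency_ms": 100})
DRIFTING = [
    (0, {"msgs_per_s": 100, "latency_ms": 20}),
    (10, {"msgs_per_s": 106, "latency_ms": 28}),
    (20, {"msgs_per_s": 112, "latency_ms": 36}),
    (30, {"msgs_per_s": 118, "latency_ms": 44}),
    (40, {"msgs_per_s": 124, "latency_ms": 52}),
]
STEADY = [(t, {"msgs_per_s": 100, "latency_ms": 20}) for t in (0, 10, 20, 30, 40)]

if __name__ == "__main__":
    for label, window in (("drifting", DRIFTING), ("steady", STEADY)):
        print(label, evaluate(window, HEALTHY, UNHEALTHY, error_threshold=50.0))
```

On the drifting window the instantaneous threshold check does not fire, while the trend projects a transition ten seconds after the latest acquisition, which is the gradual-change case the trend error metrics are described as covering.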
FIG. 15 is a flow diagram of another embodiment of a method 1500 for securing a cyber-physical system 100, such as the control system 101 as disclosed herein. Step 1510 may comprise generating state keys 160, each state key 160 comprising CPKD 162 comprising and/or corresponding to the cyber-physical state of the control system 101, as disclosed herein.
Step 1520 may comprise communicating the state keys 160 through a cyber-physical system 100, as disclosed herein. Step 1520 may further comprise acquiring cyber-physical state data 1207, as disclosed herein. Step 1520 may comprise acquiring cyber-physical state data 1207 from regions of the control system 101 covered by the state keys 160 (e.g., regions through which the state keys 160 and/or fragments 161 thereof were communicated). Alternatively, or in addition, step 1520 may comprise acquiring regional RCPS data 1217A-N corresponding to communication of respective state key fragments 161A-N, as disclosed herein. Step 1520 may comprise acquiring a plurality of CPS datasets 1209, as disclosed herein. Step 1520 may further comprise deriving cyber-physical state metadata 1211 from the acquired cyber-physical state data 1207, as disclosed herein.
Step 1530 may comprise calculating state key errors 175, which may quantify error between respective state keys 160 and/or cyber-physical reconstructions thereof. Step 1530 may comprise comparing each state key 160 to a corresponding validation key 170 (and/or comparing state key fragments 161A-N of respective state keys 160 to corresponding validation data 171A-N). Step 1530 may further comprise determining a source and/or cause of the error metrics 175, which may comprise adapting communication of one or more subsequent state keys 160, and/or evaluating the resulting error metrics 175 thereof, as disclosed herein. Step 1530 may further comprise determining CPSC metrics 575 for the acquired cyber-physical state metadata 1211. The CPSC metrics 575 may be configured to quantify a confidence that the acquired cyber-physical state metadata 1211 accurately represents the cyber-physical state of the control system 101 (and/or respective regions thereof). The CPSC metrics 575 may, therefore, be inversely proportional to the error metrics 175 determined for the corresponding state keys 160 (and/or state key fragments 161).
Step 1540 may comprise incorporating the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111, as disclosed herein. Step 1540 may comprise incorporating the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111 and/or associating the incorporated cyber-physical state metadata 111 with corresponding CPSC metrics 575. Step 1540 may comprise adapting communication of one or more subsequent state keys 160 to, inter alia, determine a cause and/or source of low CPSC metrics 575 and/or obtain acquired cyber-physical state metadata 1211 having higher CPSC metrics 575.
Step 1550 may comprise determining cyber-physical health metadata 180 for the control system based on, inter alia, the error metrics 175 and/or CPSC metrics 575 determined at steps 1530 and/or 1540, as disclosed herein. In some embodiments, step 1550 may further comprise comparing the acquired cyber-physical state of the control system 101 (e.g., the cyber-physical state metadata 111 and/or acquired cyber-physical state metadata 1211) to a cyber-physical state estimate (e.g., state estimate 1313). The comparing may comprise determining state estimate error metrics 1375, which may be incorporated into the cyber-physical health metadata 180, as disclosed herein. Alternatively, or in addition, step 1550 may further comprise determining one or more cyber and/or physical state errors 1472/1474, which may quantify error between the acquired cyber-physical state of the control system 101 (and/or regions thereof) to one or more cyber and/or physical state profiles 1412/1414, which errors 1472/1474 may be incorporated into the cyber-physical health metadata 180, as disclosed herein.
FIG. 16 is a flow diagram of another embodiment of a method 1600 for securing a cyber-physical system 100, as disclosed herein. Step 1610 may comprise communicating state keys 160 through selected regions of a control system 101, as disclosed herein. Step 1610 may comprise communicating fragments 161A-N of each state key 160 through selected CPC paths 108 of the control system 101, as disclosed herein, each CPC path 108 comprising a first cyber path 126 by which the fragment 161 is sent to a selected correlator 166, a physical control coupling 148 corresponding to a PPV 155 through which validation data 171 corresponding to the fragment 161 is transmitted to a selected receiver 168 (and/or by which the validation data 171 are otherwise determined), and a second cyber path 126 by which the validation data 171 are returned.
Step 1620 may comprise acquiring cyber-physical state data 1207 in conjunction with communication of the state keys 160. Step 1620 may comprise acquiring the cyber-physical state of the control system 101 in conjunction with communication of the state keys 160 through the control system 101. Step 1620 may comprise acquiring cyber-physical state data 1207 from regions of the control system 101 covered by respective state keys 160. Step 1620 may comprise acquiring the cyber-physical state data 1207 concurrently with communication of the state keys 160. In some embodiments, step 1620 may comprise acquiring RCPS data 1217A-N from regions of the control system 101 covered by respective state key fragments 161A-N, the RCPS data 1217A-N acquired in conjunction with communication of the respective state key fragments 161A-N. Alternatively, or in addition, step 1620 may comprise acquiring the cyber-physical state data 1207 and/or RCPS data 1217A-N separately from communication of the state keys 160 and/or state key fragments 161A-N (e.g., before, after, and/or interleaved with such communication). Step 1620 may further comprise determining acquired cyber-physical state metadata 1211 by use of the acquired cyber-physical state data 1207, as disclosed herein.
Step 1620 may further comprise determining error metrics 175 corresponding to communication of the state keys 160 and/or determining CPSC metrics 575 corresponding to acquisition of the cyber-physical state metadata 1211, as disclosed herein. Step 1620 may comprise determining a source and/or cause of high error metrics 175 and/or low CPSC metrics 575, as disclosed herein (e.g., by adapting communication of subsequent overlapping state keys 160, such that fragments 161A-N thereof are communicated through respective isolation CPC paths 108, and evaluating the resulting error metrics 175 thereof). Step 1620 may comprise assigning error and/or CPSC metrics 175/575 to respective regions of the control system 101 and/or acquired cyber-physical state metadata 1211, as disclosed herein. Step 1630 may further comprise incorporating the acquired cyber-physical state metadata 1211 into the cyber-physical state metadata 111, which may comprise associating the error and/or CPSC metrics 175/575 with the incorporated cyber-physical state metadata 111, as disclosed herein. The error metrics 175 may indicate errors associated with communication of state keys 160 (and/or state key fragments 161) through regions of the control system characterized by respective portions of the cyber and/or physical state metadata 220/240. The CPSC metrics 575 may indicate a confidence that respective portions of the cyber and/or physical state metadata 220/240 accurately represent the cyber and/or physical state of regions of the control system 101 characterized thereby (e.g., based on error metrics 175 associated with communication of state keys 160 and/or state key fragments 161 through such regions during acquisition of the cyber-physical state).
In some embodiments, step 1620 may further comprise maintaining cyber-physical state metadata 111 configured to characterize a plurality of cyber-physical states 1201A-N of the control system 101, the cyber-physical states 1201A-N corresponding to a range and/or sliding window of acquisition times (e.g., from a current acquisition time α to a previous acquisition time α-n).
Step 1630 may comprise evaluating the cyber-physical health of the control system 101 (and/or respective regions thereof). Step 1630 may comprise evaluating acquired cyber-physical state 1201 of the control system 101 (and/or regions thereof). In some embodiments, step 1630 may comprise determining cyber health metrics 282 and/or physical health metrics 284, as disclosed herein. The cyber health metrics 282 may be based on, inter alia, error metrics 175, CPSC metrics 575, cyber state metrics 553, CyΔ metrics 1263, cyber state estimation metrics 1376, cyber state error metrics 1472, and/or the like. Step 1630 may comprise evaluating one or more CSER, comparing the acquired cyber state 1202 of the control system 101 to one or more CSB 552 (e.g., healthy CSB 552 and/or unhealthy CSB 552), comparing the cyber state 1202 to one or more cyber state profiles 1412 (e.g., healthy cyber state profiles 1412A and/or unhealthy cyber state profiles 1412N), and/or the like. Step 1630 may comprise determining CyΔ metrics 1263 by, inter alia, correlating cyber state information to a sliding window of cyber states 1202A-N, determining trends of respective CSER, cyber state metrics 553, and/or cyber state error metrics 1472A-N, determining a trajectory estimate for the cyber state 1202 (Cy), determining trajectories of respective cyber state characteristics, and/or the like. Step 1630 may comprise comparing the acquired cyber state 1202 to a healthy cyber state profile 1412A, as disclosed above. Step 1640 may comprise comparing cyber state metadata 220, cyber state parameters 222, cyber state signatures 228, and/or portion(s) thereof, to corresponding cyber classification values 1428 of the healthy cyber state profile 1412A. The comparing may comprise determining a cyber state error 1472A, which may quantify error between the acquired cyber state of the control system 101 (and/or region thereof) and the healthy cyber state profile 1412A. Step 1630 may further comprise associating the determined cyber state error 1472A with CPSC metrics 575 characterizing the cyber state metadata 220, cyber state parameters 222, and/or cyber state signatures 228 by which the cyber state error 1472A was determined, as disclosed herein.
Step 1630 may further comprise determining physical health metrics 284. The physical health metrics 284 may be based on, inter alia, error metrics 175, CPSC metrics 575, physical state metrics 555, PhyΔ metrics 1265, physical state estimation metrics 1376, physical state error metrics 1474, and/or the like. Step 1630 may comprise evaluating one or more PSER, comparing the acquired physical state 1204 of the control system 101 to one or more PSB 554 (e.g., healthy PSB 554 and/or unhealthy PSB 554), comparing the physical state 1204 to one or more physical state profiles 1414 (e.g., healthy physical state profiles 1414A and/or unhealthy physical state profiles 1414N), and/or the like. Step 1630 may comprise determining PhyΔ metrics 1265 by, inter alia, correlating physical state information to a sliding window of physical states 1204A-N, determining trends of respective PSER, physical state metrics 555, and/or physical state error metrics 1474A-N, determining a trajectory estimate for the physical state 1204 (Phy), determining trajectories of respective physical state characteristics, and/or the like. Step 1630 may comprise comparing the acquired physical state 1204 to a healthy physical state profile 1414A, as disclosed above. Step 1640 may comprise comparing physical state metadata 240, physical state parameters 242, physical state signatures 248, and/or portion(s) thereof, to corresponding physical classification values 1448 of the healthy physical state profile 1414A. The comparing may comprise determining a physical state error 1474A, which may quantify error between the acquired physical state of the control system 101 (and/or region thereof) and the healthy physical state profile 1414A. Step 1630 may further comprise associating the determined physical state error 1474A with CPSC metrics 575 characterizing the physical state metadata 240, physical state parameters 242, and/or physical state signatures 248 by which the physical state error 1474A was determined, as disclosed herein.
In some embodiments, step 1630 may further comprise implementing mitigation operations in accordance with the determined cyber-physical health of the control system 101. Step 1630 may comprise implementing mitigation operations in accordance with the error metrics 175, CPSC metrics 575, cyber state metrics 553, physical state metrics 555, CyΔ metrics 1263, PhyΔ metrics 1265, cyber state error metrics 1472A-N, physical state error metrics 1474A-N, cyber trend error metrics 1473A-N, physical trend error metrics 1475A-N, cyber health metrics 282, and/or physical health metrics 284, as disclosed herein.
FIG. 17 is a flow diagram of another embodiment of a method 1700 for securing a cyber-physical system 100, as disclosed herein. Step 1710 may comprise acquiring the cyber-physical state of the system 100, as disclosed herein. Step 1710 may comprise acquiring a cyber state of the control system 101 and/or maintaining corresponding cyber state metadata 220. Step 1710 may further comprise acquiring a physical state of the control system 101 and/or maintaining corresponding physical state metadata 240. Step 1710 may comprise acquiring cyber-physical state data 1207 while communicating state keys 160 (and/or state key fragments 161) through the control system 101. Step 1710 may comprise acquiring cyber-physical state data 1207 from regions of the control system 101 covered by respective state keys 160. Step 1710 may further comprise acquiring RCPS datasets 1217 from regions of the control system 101 covered by respective CPKD fragments 163. Step 1710 may further comprise determining CPSC metrics 575 for the acquired cyber-physical state data 1207 and/or incorporating the acquired cyber-physical state data 1207 into cyber-physical state metadata 111, as disclosed herein. Step 1710 may further comprise acquiring and/or maintaining cyber-physical state metadata 111 in accordance with a classification schema 1416. Step 1710 may comprise acquiring cyber state metadata 220 corresponding to specified cyber classification features 1422 and/or acquiring physical state metadata 240 corresponding to specified physical classification factors 1442. The classification schema 1416 may comprise a subset of the cyber-physical state information capable of being acquired by the RS agent 110.
Step 1720 may comprise determining cyber state error metrics 1472 by, inter alia, comparing the acquired cyber state of the control system 101 to respective cyber state profiles 1412. Step 1720 may comprise determining a plurality of cyber state error metrics 1472A-N, each quantifying error between the acquired cyber state 1202 and a respective cyber state profile 1412A-N. The cyber state error metrics 1472A-N may comprise cyber state error metrics 1472A quantifying error between the acquired cyber state 1202 and one or more healthy cyber state profiles 1412A, cyber state error metrics 1472N quantifying error between the acquired cyber state 1202 and one or more unhealthy cyber state profiles 1412N, and/or the like, as disclosed herein.
Step 1730 may comprise determining cyber health metrics 282 for the control system 101 (and/or regions thereof). Step 1730 may comprise evaluating the cyber state error metrics 1472A-N determined at step 1720. Step 1730 may comprise determining cyber state error metrics 282 that are: inversely proportional to cyber state error metrics 1472A that quantify error between the acquired cyber state and healthy cyber state profiles 1412A and/or are proportional to cyber state error metrics 1472N that quantify error between the acquired cyber state and unhealthy cyber state profiles 1412N. Step 1730 may further comprise associating the cyber health metrics 282 with CPSC metrics 575, as disclosed herein. Step 1730 may further include implementing one or more mitigation operations in accordance with the determined cyber health metrics 282, as disclosed herein.
Step 1740 may comprise determining physical state error metrics 1474 by, inter alia, comparing the acquired physical state 1204 of the control system 101 to respective cyber state profiles 1412. Step 1720 may comprise determining a plurality of physical state error metrics 1474A-N, each quantifying error between the acquired physical state 1204 and a respective physical state profile 1412A-N. The physical state error metrics 1474A-N may comprise physical state error metrics 1474A quantifying error between the acquired physical state 1204 and one or more healthy physical state profiles 1414A, physical state error metrics 1474N quantifying error between the acquired physical state 1204 and one or more unhealthy physical state profiles 1414N, and/or the like, as disclosed herein.
Step 1750 may comprise determining physical health metrics 284 for the control system 101 (and/or regions thereof). Step 1750 may comprise evaluating the physical state error metrics 1474A-N determined at step 1740. Step 1750 may comprise determining physical state error metrics 284 that are: inversely proportional to physical state error metrics 1474 that quantify error between the acquired physical state 1204 and healthy physical state profiles 1414A and/or proportional to physical state error metrics 1474N that quantify error between the acquired physical state 1204 and unhealthy physical state profiles 1414N. Step 1750 may further comprise associating the physical health metrics 284 with CPSC metrics 575, as disclosed herein. Step 1750 may further include implementing one or more mitigation operations in response to the determined physical health metrics 284, as disclosed herein.
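The scoring described for steps 1720-1750 can be sketched as follows; this is an added Python illustration, not code from the patent. The feature names, the RMS error, the ratio used for the health metric, the thresholds and the action labels are all assumptions chosen for the example, and the same functions apply to physical state profiles.

```python
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class StateProfile:
    """Stand-in for a cyber or physical state profile (healthy or unhealthy)."""
    name: str
    healthy: bool
    values: dict  # feature -> expected value (the profile's classification values)
    scale: dict   # feature -> span used to normalise deviations (assumption)


def state_error(acquired, profile):
    """State error metric: RMS of normalised per-feature deviation from a profile.

    Only features present in both the acquired state and the profile are
    compared, since acquisition may cover a subset of the schema.
    """
    shared = [f for f in profile.values if f in acquired]
    if not shared:
        raise ValueError(f"no features in common with profile {profile.name!r}")
    total = sum(((acquired[f] - profile.values[f]) / profile.scale[f]) ** 2
                for f in shared)
    return sqrt(total / len(shared))


def health_metric(acquired, profiles):
    """Health in [0, 1]: falls as the error against healthy profiles grows and
    rises as the error against unhealthy profiles grows (one assumed formula)."""
    errors = {p.name: state_error(acquired, p) for p in profiles}
    healthy = [errors[p.name] for p in profiles if p.healthy]
    unhealthy = [errors[p.name] for p in profiles if not p.healthy]
    if not healthy or not unhealthy:
        raise ValueError("need at least one healthy and one unhealthy profile")
    e_h, e_u = min(healthy), min(unhealthy)
    if e_h + e_u == 0:  # state matches both kinds of profile exactly: ambiguous
        return 0.5, errors
    return e_u / (e_h + e_u), errors


def evaluate(acquired, profiles, confidence, min_health=0.5, min_confidence=0.6):
    """Pair the health metric with the confidence of the acquired state data and
    pick a response. Low confidence means the state itself is not trusted, so
    the (hypothetical) response is to re-acquire rather than act on the score."""
    health, errors = health_metric(acquired, profiles)
    if confidence < min_confidence:
        action = "reacquire"
    elif health < min_health:
        action = "mitigate"
    else:
        action = "none"
    return {"health": round(health, 3), "confidence": confidence,
            "action": action, "errors": errors}


# Constructed sample data: cyber state features of one control-network region.
SCALE = {"packets_per_s": 100.0, "new_conn_per_s": 10.0, "latency_ms": 5.0}
PROFILES = [
    StateProfile("steady-polling", True,
                 {"packets_per_s": 200, "new_conn_per_s": 2, "latency_ms": 5}, SCALE),
    StateProfile("connection-burst", False,
                 {"packets_per_s": 900, "new_conn_per_s": 60, "latency_ms": 25}, SCALE),
]
NORMAL = {"packets_per_s": 210, "new_conn_per_s": 3, "latency_ms": 5.5}
SUSPECT = {"packets_per_s": 850, "new_conn_per_s": 55, "latency_ms": 22}

if __name__ == "__main__":
    for label, state, conf in [("normal", NORMAL, 0.9),
                               ("suspect", SUSPECT, 0.9),
                               ("suspect, low confidence", SUSPECT, 0.3)]:
        result = evaluate(state, PROFILES, conf)
        print(f"{label}: health={result['health']} action={result['action']}")
```

Reporting the confidence next to the score keeps a low health value derived from poorly acquired state data from being treated the same as one derived from trusted data.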
FIG. 18 is a flow diagram of another embodiment of a method 1800 for securing a cyber-physical system 100, as disclosed herein. Step 1802 may comprise learning one or more cyber state profiles 1412. Step 1802 may comprise learning one or more healthy cyber state profiles 1412A and/or unhealthy cyber state profiles 1412N, as disclosed herein. Step 1804 may comprise learning one or more physical state profiles 1414. Step 1804 may comprise learning one or more healthy physical state profiles 1414A and/or unhealthy physical state profiles 1414N, as disclosed herein.
Step 1810 may comprise acquiring the cyber and/or physical state 1202/1204 of the control system 101 (and/or regions thereof), as disclosed herein. Step 1820 may comprise determining cyber state error metrics 1472, and step 1830 may comprise determining corresponding cyber health metrics 282, as disclosed herein. Step 1832 may comprise receiving feedback regarding the cyber health metrics 282. The feedback of step 1832 may comprise indications regarding the accuracy of the cyber health metrics 282 (e.g., whether healthy cyber health metrics 282 accurately indicated healthy cyber behavior, whether unhealthy cyber health metrics 282 accurately indicated unhealthy cyber behavior, and so on). Step 1832 may comprise incorporating the feedback into the cyber state profiles 1412, which may comprise adjusting one or more of the cyber state profiles 1412 in accordance with the feedback (e.g., adjusting cyber classification parameters 1422 and/or cyber classification parameters values 1428, and so on).
Step 1840 may comprise determining physical state error metrics 1474, and step 1850 may comprise determining corresponding physical health metrics 284, as disclosed herein. Step 1852 may comprise receiving feedback regarding the physical health metrics 284. The feedback of step 1852 may comprise indications regarding the accuracy of the physical health metrics 284 (e.g., whether healthy physical health metrics 284 accurately indicated healthy physical behavior, whether unhealthy physical health metrics 284 accurately indicated unhealthy physical behavior, and so on). Step 1852 may comprise incorporating the feedback into the physical state profiles 1414, which may comprise adjusting one or more of the physical state profiles 1412 in accordance with the feedback (e.g., adjusting physical classification parameters 1442 and/or physical classification parameters values 1448, and so on).
- This disclosure has been made with reference to various exemplary embodiments. However, those skilled in the art will recognize that changes and modifications may be made to the exemplary embodiments without departing from the scope of the present disclosure. For example, various operational steps, as well as components for carrying out operational steps, may be implemented in alternate ways depending upon the particular application or in consideration of any number of cost functions associated with the operation of the system, e.g., one or more of the steps may be deleted, modified, or combined with other steps.
- Additionally, as will be appreciated by one of ordinary skill in the art, principles of the present disclosure may be reflected in a computer program product on a computer-readable storage medium having computer-readable program code means embodied in the storage medium. Any tangible, non-transitory computer-readable storage medium may be utilized, including magnetic storage devices (hard disks, floppy disks, and the like), optical storage devices (CD-ROMs, DVDs, Blu-Ray discs, and the like), flash memory, and/or the like. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions that execute on the computer or other programmable data processing apparatus create means for implementing the functions specified. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture, including implementing means that implement the function specified. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified.
- While the principles of this disclosure have been shown in various embodiments, many modifications of structure, arrangements, proportions, elements, materials, and components, which are particularly adapted for a specific environment and operating requirements, may be used without departing from the principles and scope of this disclosure. These and other changes or modifications are intended to be included within the scope of the present disclosure.
- The foregoing specification has been described with reference to various embodiments. However, one of ordinary skill in the art will appreciate that various modifications and changes can be made without departing from the scope of the present disclosure. Accordingly, this disclosure is to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope thereof. Likewise, benefits, other advantages, and solutions to problems have been described above with regard to various embodiments. However, benefits, advantages, solutions to problems, and any element(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, a required, or an essential feature or element. As used herein, the terms “comprises,” “comprising,” and any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, a method, an article, or an apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, system, article, or apparatus. Also, as used herein, the terms “coupled,” “coupling,” and any other variation thereof are intended to cover a physical connection, an electrical connection, a magnetic connection, an optical connection, a communicative connection, a functional connection, and/or any other connection.
- Those having skill in the art will appreciate that many changes may be made to the details of the above-described embodiments without departing from the underlying principles of the invention. The scope of the present invention should, therefore, be determined only by the claims.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/094,474 US20210209233A1 (en) | 2018-11-29 | 2020-11-10 | Systems and methods for control system security |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/204,983 US10896261B2 (en) | 2018-11-29 | 2018-11-29 | Systems and methods for control system security |
US17/094,474 US20210209233A1 (en) | 2018-11-29 | 2020-11-10 | Systems and methods for control system security |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/204,983 Continuation US10896261B2 (en) | 2018-11-29 | 2018-11-29 | Systems and methods for control system security |
Publications (1)
Publication Number | Publication Date |
---|---|
US20210209233A1 (en) | 2021-07-08 |
Family
ID=70849290
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/204,983 Active 2039-05-01 US10896261B2 (en) | 2018-11-29 | 2018-11-29 | Systems and methods for control system security |
US17/094,474 Pending US20210209233A1 (en) | 2018-11-29 | 2020-11-10 | Systems and methods for control system security |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/204,983 Active 2039-05-01 US10896261B2 (en) | 2018-11-29 | 2018-11-29 | Systems and methods for control system security |
Country Status (4)
Country | Link |
---|---|
US (2) | US10896261B2 (en) |
EP (1) | EP3887980A4 (en) |
CN (1) | CN114026821B (en) |
WO (1) | WO2020112849A1 (en) |
2018
- 2018-11-29 US US16/204,983 patent/US10896261B2/en active Active
2019
- 2019-11-26 WO PCT/US2019/063366 patent/WO2020112849A1/en unknown
- 2019-11-26 CN CN201980090814.XA patent/CN114026821B/en active Active
- 2019-11-26 EP EP19889239.0A patent/EP3887980A4/en active Pending
2020
- 2020-11-10 US US17/094,474 patent/US20210209233A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
US20200175171A1 (en) | 2020-06-04 |
CN114026821A (en) | 2022-02-08 |
EP3887980A1 (en) | 2021-10-06 |
EP3887980A4 (en) | 2022-11-09 |
US10896261B2 (en) | 2021-01-19 |
CN114026821B (en) | 2024-05-10 |
WO2020112849A1 (en) | 2020-06-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STPP | Information on status: patent application and granting procedure in general | Free format text: APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED |
| AS | Assignment | Owner name: UNITED STATES DEPARTMENT OF ENERGY, DISTRICT OF COLUMBIA Free format text: CONFIRMATORY LICENSE;ASSIGNOR:BATTELLE ENERGY ALLIANCE/IDAHO NAT'L LAB;REEL/FRAME:055315/0227 Effective date: 20190124 |
| AS | Assignment | Owner name: UNITED STATES DEPARTMENT OF ENERGY, DISTRICT OF COLUMBIA Free format text: CONFIRMATORY LICENSE;ASSIGNOR:BATTELLE ENERGY ALLIANCE/IDAHO NAT'L LAB;REEL/FRAME:056153/0260 Effective date: 20190124 |
| STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |